Information Security: A New Year Resolution

Wednesday, January 05, 2011

Javvad Malik


The New Year is always a good time to wipe the slate clean and start afresh. On a personal level many of us vow to make big changes in our lives. Spend more time with the family, lose weight, climb that mountain we’ve always wanted to climb and so on.

This year however, I’ve decided that I should make some specific professional resolutions with regards to information security.

Once I sat down to think about it, I realized it wasn’t an easy task. In order to make a resolution, you have to first admit there is a deficiency that needs correcting to begin with. So when someone asks you “what’s your resolution” what you’re really telling them is what you think is wrong with you.

Information security is not unlike most professional industries. Whenever anything goes wrong, it’s never really our fault. With a large number of people to point the finger at, it’s almost too easy to shift the blame.

If there’s a security breach, you can blame the “lazy” developer for coding it wrong, the “incompetent” IT department for not patching it on time, the “ignorant” manager for not doing anything with the risk report you issued them with, or if all else fails, simply blame the “dumb” user.

So, this year, I’d like to set off on a more positive and accountable route. Not just personally, but hopefully something that my friends and colleagues in information security will also adopt:

If you’ve heard me talk about security but still don’t think it’s important.

That’s my fault not yours.

If you’ve seen my solution but don’t endorse it.

Then I haven’t understood your problem correctly

If you’re bored of my presentation

That’s due to my lack of passion and engagement.

If I fail to persuade you to implement a policy

That’s my fault too.

If a system is so secure it reduces your efficiency.

Then I need to design solutions that meet your business needs.


Wishing you a happy and prosperous 2011.

Cross-posted from Quantania

Possibly Related Articles:
Security Strategy Chief Information Officer 2011 Information Security Infosec
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.