Chief Common Sense Officer

Dennis Devlin is Chief Information Security Officer (CISO) at Brandeis University. I met Dennis a few years ago when he had the same role at Thomson Corporation. It has always struck me that a better title for Dennis would be Chief Common Sense Officer. I recently heard Dennis give a talk and wanted to share a few of his thoughts.

As CISO at a university, his group offers a "Digital Self-Defence" class. One key tenet he tries to impart is that information (or photos, videos, etc.) that you put on the web is like a tattoo: easier to put on display than to remove.

I have previously heard the people part of the technology equation called wetware (as in, "the problem is not in the hardware, and not in the software, it's in the wetware"). Dennis, however, uses a much more pleasant term, and a thought-provoking one, too (pun intended): know-ware. I think I much prefer to be know-ware than wetware!

I also particularly like the analogy that Dennis provides us to think about security:
Security is like the brakes on your car; the function is to slow your car down, but the purpose is to allow you to go fast.

Finally, in terms of information systems security, Dennis noted that a system is secure when it does exactly what it is supposed to do, and nothing more! (It strikes me this is a good definition of quality as well as security.) Here is my take on his visual:
