On July 18, I’ll be celebrating the first birthday of my triplets, Heath, Hudson, and Harper. My two amazingly crazy boys, and my incredibly curious little girl, are absolutely into everything. Just recently they’ve conquered the skill of crawling, and now are cruising from one thing to the next while learning to walk. It’s an absolutely amazing thing to watch, but at the same time it’s really scary. My wife and I have been baby proofing the house as we go, and over the weekend it hit me … this is exactly like information security risk management.
Every day in information security, we fight to keep our companies safe. We make risk-based decisions around what software to purchase, what firewall settings to implement, what standards to adopt, etc. All of these activities are driven by one of two things: risk acceptance or risk mitigation. While baby-proofing our house, we had these same decisions to make. Do we cover every single receptacle? Do we remove any furniture with sharp edges? Do we install gates in every doorway and hallway? These are all questions that every parent has to ask themselves at one point or another. We can easily take this to an extreme and wrap our kids in bubble wrap and never let them be exposed to danger, but we know that’s bad for the kids. Kids are in the business of learning, and the best way to learn is from your mistakes. That being said, we try to make those mistakes a little less dangerous.
In business, we can absolutely make our data completely safe. We just simply disconnect from everything and put security measures in place that are so restrictive that we end up out of business. Just like kids, we have to give our business partners enough freedom to actively engage in business.