Figure 1 Courtesy of Feline-Friends.net
“What’s a blog without cats?”
I was inspired to write this blog by how much internet users love cats and by the Friskies Cat Food Ad below:
Dear Kitty,
Admit it. You are ever so curious as to what an information security program has to do with you! In fact, you may be purring or even hissing right now “it has nothing to do with you”. I’m here to tell you kitten “it is all about you”. I see you are squinting at me now. Raising your paw to swipe at me will not change anything. (By the way, that’s a team member of mine you are attacking. I’m over here by the window.) Information Security that works requires your participation. Why you don’t behave that way is a puzzle to me. It is a puzzle that, like all problem-solvers, I want to delve into to see if I can help you.
Let me start with a list of possible causes of this behavior. The first is “Health”. When there are health issues it almost sets off a chain reaction for us felines. Things can go from “bad to worse” in no time at all. I am realistic about this fact. Maybe you ate (installed) some bad software or your organization can’t get it to work. Is it giving you problems? It doesn’t mean you have to throw up or even miss the litter box! There are ways to solve the software problems. Just like you have a health plan for you and your family, you need a health plan for security. Software problems or software changes can be managed. You just need to get the security team involved up front. We will handle the rest.
The second issue that may cause behavior problems would be “Instinct”. Are you behaving this way out of “instinct”? It is very normal to claw and scratch or jump up into a high place like your ancestors when you feel threatened or if someone or something has entered into “your territory”. It is time you learned an important lesson. Information Security, my dear Kitty, belongs with you; everywhere you go. You’ll see why when I describe the full “Program” to you. To cats like me, Information Security is “Instinctive”. Wouldn’t do without it!
Another issue which can prompt all kinds of unusual behaviors in cats is “stress”. Just like in humans, stress can cause unusual outbursts from the tension build up. No need to start compulsive self-grooming. It is normal to want to avoid things that sometimes don’t make sense to you until you really, really need them. Planning ahead can help you avoid lots of unnecessary stress caused by the failure to look ahead and act appropriately. You think you have stress now, wait until a breach actually occurs.
The best way to alleviate and even prevent the start of any of these issues is for you to follow what I teach you. Get to know the four rooms in your house. You can do this by implementing an Information Security Program. When you do the *Right Thing* the world falls into place. You will feel as comfortable as when you could hop inside an old shoe. I know about this from my experiences in many houses.
Let’s go over the four rooms (four parts to an Information Security Program) in your house. If you have any questions, please raise your paw. Do I see a paw up already? My, you are attentive! Yes, it will be easy.
KITCHEN = ADMINISTRATION
First of all there is the “kitchen” and this room my dear Kitty is where all the good things come from.
This is where things are cooking. It is the “hub” of the home. It is where you will find your water and food. Here is where you will find the “heart” of the Information Security Program. It is where you will find the core group of people who make your life easier. It is the Administrative piece of the program. It is here where you will learn about risks and issues and all the hundreds of things that your people monitor, administer and remediate every single day. This is important for a Kitty like you to know. Every piece of your program is reviewed, planned and architected here. You will want to get to know what goes on here. Jump up and take a peek everywhere. Get real close to the folks in the kitchen. They are your critical support for the duration. Administration is the heart of every Information Security Program.
LIVING ROOM = TOOLS FOR SECURITY
Follow me into the “Living Room”. This, my dear Kitty, is the room where “Insiders” (like ourselves) meet “outsiders”. The equivalent of the InfoSec Program’s overall strategy and design is like the living room. Coming and going are lots of people including the partners, vendors, members of the CxO level, Legal, Audit, External Audit, employees and of course the family unit among others. Mind yourself in here good Kitty. People are bringing in new things for us to deal with and trying to make old things work with new. See that table, wasn’t here yesterday. There are a lot of different personalities to deal with at all times. You can be relaxing on a chair one minute and the next minute it could be a fight for your space. It is usually all good when the owner is in plain sight but watch out when the children are unsupervised! Weird things can happen here. It is best to have a plan (Policies and Procedures) before you interact with the outsiders. Ahem, my space is atop the lovely, carved cabinet. Be warned. I can see everything from there. Don’t make me a “Grumpy Cat”[1] (Internet sensation). I need to watch what goes on here as this is where our whole world can change with a twitch of a whisker. Paying attention here is like that “pet screen” they use between the front seat and the back seat for us in the car, a little caution goes a long way.
BEDROOM = POLICIES AND PROCEDURES
The Bedroom is the place in the house where it seems the quietest. It is a perfect place for a nap-unseen. There are lots of places to hide. People seldom come in there during the day. At night, well, they just lie around or so it seems. They like to close their eyes. This room is just like the “Policies” part of the InfoSec Program. Yes indeed. People have “rules” for this room. It is not a good place to be social. The Owners do not care for it. Things (policies) seldom change. That is a very good thing. It is hard for people to keep up with the rules if the rules keep changing. My spot is, well you know, under the bed. No there is not enough room for you. All right, stop crying; maybe a small corner can be yours. The people in charge know all the rules. You can’t fool them. (Sigh) I’ve tried. If you don’t follow the rules, there is a price to pay. Know the rules and follow them.
FAMILY OR RECREATION ROOM = SECURITY AWARENESS
Somewhere outside the kitchen but close by is a delightful room where lots of sharing takes place. You can watch television, listen to music, and eat food. People will pet you and play with you or give you toys. This is the room most like the fourth and final part of the InfoSec Program. Everyone participates and a good time is had by all. Learning can prevent costly mistakes. Spend as much time as you can in this room. It is always available. New things are always happening in this room because the InfoSec Program is always changing. Here is your chance to be creative. Play. Design. Create. This is your chance to let everyone know “who you are” and “what it’s all about”. The “style” and “tone” should convey the importance and how necessary it is for everyone to participate in the Program. Any questions? If not, I’m going to take a nap. Kitty, all things being said, I am not saying we will be like “Batman and Robin[2]” but if you can remember these simple things you will be my Super Hero.
[1] GrumpyCats.com is a website about the “World’s Grumpiest Cat”. Grumpy Cat® is a Registered Trademark.
[2] Batman and Robin is a 1997 American superhero film based on the DC Comics character Batman.