Photo Credit: Photo Phiend via Compfight cc
Many of us play musical instruments with varying degrees of expertise. Even those who don’t play an instrument may have sung to themselves in the car or hummed a catchy tune while shopping at some points in their lives. I myself play guitar and have played since I was about 13 years old, and tried a few other instruments before then in grade school. It’s more of a hobby and a pastime, something to keep me busy on an idle and rainy Sunday.
I remember those first days learning. Everything I listened to sounded so perfect, reflecting an air of talent that I thought I would never be capable of. When I picked up my guitar, it sounded like a bunch of angry cats locked in a stand-up piano. It’s really those early days that are hardest to get through, as we’re still comparing ourselves to the musicians we respect and admire.
“Practice makes perfect” they say, but breaking through the frustration and keeping focus on your goals will eventually lead you to master the art. Perhaps not to the same level as those same musicians we admire, but we walk away having carved a unique mastery which reflects our hard work and our artistic motivations.
It is very much the same within information security. Just as you might not swap your violin for the banjo after a few months of frustration in music, security policies that missed targets or fell short on an audit shouldn’t mean we’re ready to throw out the baby with the bath water. These same “misses” don’t necessarily mean that standards need to be entirely revamped, or that an entirely new foundation is needed. I think these days too many business professionals assume that a weakness here and there compromises the overall integrity of the programme.
However, the only way to improve your musical talent is by working through your misses and your weaknesses. And it is entirely reasonable for security practices to start with a weak foundation that continually improves itself after thoughtful introspection and evaluation.
Take the positive attributes and let them drive your motivation, and continue to focus on your weaker points. Security isn’t a one-size-fits-all exercsie, and so just as musical talent follows the drive and creativity of the individual, so does the security programme of an organisation.