Finding The Hidden InfoSec Story

It’s Your Round


I am not saying you hang around bars, don’t get me wrong, but you do like the occasional drink, right? Whether you do it in the privacy of your own home, in a pub, a club, a wine bar or over a meal in a Michelin-starred restaurant, you do like to have a little drink, I guess, unless you are part of the 15% of the UK population that say they are teetotal (based on figures from the Office of National Statistics).

When you fancy having a drink or two, how do you select your poison of choice? Are you a wine connoisseur or maybe a real ale denizen? Do you like expensive-sounding European bottled lagers, or maybe you head straight for the top-shelf options, spirits all the way? Your choice is important as it defines the flavour of the drink, the level of intoxication and the unfortunate after-effects if you imbibe too much. We see admonishments to drink responsibly in media campaigns, but what does this mean in reality?

The privacy of your own home, within your castle walls, is in theory the safest context. You select your tipple and drink to your heart’s content; what could be simpler than that? Well, although there is no chance of someone tampering with your drinks (apart from a disgruntled partner), who is there to make sure you don’t overindulge? If you become intoxicated, who is there to make sure you are alright?

On this point, in a bar it is in theory safer as there is a barman to monitor your behaviour and to stop you from drinking if you begin to act strangely. When you drop your glass, slur your speech or speak too loudly on topics which are inappropriate, the barman can step in. But on the other hand, here in the bar it is not risk free. You are now in an environment where you might have your drink spiked or in fact be vulnerable to people with nefarious intentions due to reduced defences. When you drop your defences you are vulnerable to a range of attacks.

The choice of alcohol in the bar is also a proxy for how you weigh quality against price. Single malt is not the same as a blended whisky; ask any Bells drinkers to compare notes with someone that drinks Talisker. You will not see the latter putting Coke in!

So apart from the fact I may need a trip to AA soon, due to all the research I have been doing for this piece, what does this drinking session have to say to information security? Let’s begin with location. There is as much need for protection when you are home as when you are in a public place or indeed a place of work. A good InfoSec policy will cover this, but as well as the implementation controlling access securely in a variety of environments, it must also educate the user base as to the appropriate behaviour based on the locational context. This would be akin to reminding people in uncontrolled environments never to go back to a drink that has been left unguarded. The guidelines should tell you what you can do, where you can do it, and what you need to do afterwards to remove any remaining evidence of your presence. An example of this would be turning off your tab at the bar before leaving or, in InfoSec terms, not simply shutting down the browser, but actually logging out first! This remote access can only get more complicated with the new emerging technologies.

Now let’s consider the price/quality equation. Paying for your security system is rather like paying for your booze. A quality solution unfortunately comes at a price. Under-investment in a solution will unfortunately give you a nasty headache the next day when it comes to an unexpected visitor to your data.

But finally, think about the selection of the drinks themselves. Security is above all else about control. It is, as they say, horses for courses. There are general principles that are true for all security and privacy implementations, but the implementation itself must be contextually sensitive. What works for GCHQ will not necessarily work for a marketing or PR firm. What is appropriate for a children’s nursery may not be suitable for an adult entertainment channel. One of the hardest challenges is to understand if your company is a real ale drinker or goes straight for the top shelf when it enters the bar.

So the next time you walk into a pub (from which I am writing this btw) think about your choices and think about how they might reflect your InfoSec needs. By the way, it’s your round and mine’s a pint.

Author: Dave Brooks
