Photo Credit: josh99smith via Compfight cc
The game of golf can be a challenge for the novice (as I’m finding out) and I couldn’t help noticing similarities to the security profession.
In golf you have a number of clubs in your bag to deal with the different types of shots you will need to make. You have a driver to hit the ball long from the tee, wedges to get out of tricky spots (e.g. in the bunker) and a putter to lightly hit the ball so it goes in the hole.
A good security function should have a number of tools to deal with the different threats your organisation will likely face, such as anti-virus to detect for malware, intrusion detection systems (IDS) to alert you to potential attacks and firewalls to filter your network traffic.
When playing on a new golf course some players like to have a course guide so they can better understand how to play the holes and understand the landscape. A vulnerability scan can help you understand your organisation’s ‘threat’ landscape by telling you which systems might be vulnerable.
Organisations should have a security policy that is communicated to all staff so they are aware of their obligations. Golf etiquette is very much like a security policy in that players must demonstrate courtesy (players not taking a shot should not talk while a shot is being played), conduct themselves in a disciplined manner and show respect for the course on which they are playing (repairing ball marks).
Once I’ve gained the necessary skills I’m looking forward to playing on different courses. In the meantime, “Fore!”