Finding The Hidden InfoSec Story

Security Yoga



When most people think of yoga, one of two things will spring to mind, depending on who they are: one, that it’s all a bit hippy; or two, tight leggings and impossible contortions.

In a way, both are right but fundamentally so very wrong. Yoga is a philosophy and a way of life. Most people consider yoga only in its physical aspect: the postures and strange positions, with a bit of meditation thrown in for good measure. Yoga classes are all over the place, but they only teach the very tip of what yoga is all about.

What has this got to do with security?

Well, just as yoga is not seen as much more than some awkward poses, security is often seen purely as a set of technical controls.

However, neither case is true. Yoga is made up of eight branches that together make up the heart, or trunk, of yoga:

  • Yama and Niyama – cultural and personal values or ethics;
  • Asana – the postures; the bit most people know as ‘yoga’;
  • Pranayama and Pratyahara – controlling the breath and controlling the senses;
  • Dharana, Dhyana and Samadhi – generally speaking, meditation (a focussed concentration, not a daydream).

A person is only truly practicing yoga when they practice all eight branches together as a lifestyle. These principles direct how a person thinks and acts in situations, how they conduct themselves in crises, how they look after their health and how they find relaxation in a stressful world.

That may all sound a bit cheesy but the principle of effective security is also embedded in an integrated philosophy. Security isn’t just technical controls. Security is made up of an organisation’s culture, its policies and processes, its technology and its people. If one area is deficient then an organisation’s security is not going to be as effective as it could be.

So let’s consider security as more than a plug-and-play fix for the IT guys. They might be highly skilled and very flexible in their craft, but their work is only a basis for security. Policies and procedures provide structure around that effort, and provide a bridge between people and technology. People need to understand security, how it affects them and how they can affect it, and a security-conscious corporate culture ensures that it becomes second nature: the security equivalent of meditation.

Author: Anne Wood
