Finding The Hidden InfoSec Story

The Power of Three


It is not long when starting to review work by the brothers Grimm that you start to see the power of the triad appearing. In Western Judo-Christian mindsets the godhead trilogy dominates (father, son and holy ghost), however this is not the original source.

If we step back six or seven hundred years before the birth of Christ we see the Greek empire rising and the amazing principles set down for rhetoric. Rhetorical devices are those used to illustrate and support discourse and discussion. Particular examples would be the use of Rhetorical questions and the power of the triad. In all things, two seems to too few and four seems to many; three is just right. Whether this be Goldilocks and the three bears, the Wolf and the Three Little Pigs or in the case of Grimm specifically, the Three Little Men in the Wood, the Three Spinners or the Three Languages.

Obviously in the world of infosec we see three appear regularly in things like password retries, but more generically three is used in Grimm in the way we use it for getting the levels right. Too much security is restrictive and too little is dangerous but just the right amount is, well, right.

How do we get people to understand which of the beds belonging to the bears is right for her?   How do we illustrate that only one bowl of porridge is suitable for her needs. We use stories of this nature to draw parallels with the modern and far more dangerous and risky world we live in.

Maybe an additional learning point here is that being open to danger and providing guidelines as opposed to prescriptive instructions, can enable the end user to develop their own defence and alert system to the risk of being hacked technically or socially.   Awareness as is often mentioned, appears to be everything as forewarned is forearmed.

Author: Dave Brooks

Share This Post On