Finding The Hidden InfoSec Story

The Wolf, the She-Goat and the Kid

illustration of the Brothers Grimm fairy tale "The Wolf and the Seven Young Kids"

In the fable, ‘The Wolf, the She-Goat, and the Kid’, Aesop tells a story which has proven entertaining and relevant to this day.

This fable is of a She-Goat who leaves her home to search for food, and in order to keep her child safe, instructs the Kid to open the door only to someone who gives the password ‘A plague on the Wolf, and all his tribe’.

The Wolf overhears this conversation, and once the She-Goat is safely away from the dwelling repeats the password in order to gain entry. The Kid, whose suspicions are aroused, insists on seeing the visitor’s beard before opening the door.

The fable itself is short, but as with many of Aesop’s works, it offers great practical wisdom. It also has analogies that show they are relevant in the field of information security, particularly for two factor authentication.

An interesting note is that the protagonists can represent different elements at the same time. For example, The Wolf can readily compare to a malicious attacker. The She Goat could represent an Administrator who has provided insufficient measures to defend against a known threat. The Kid can be seen as representing a diligent information security professional who sees the weakness of the system in place and manages to thwart the attempted access attempt by insisting further proof of identity.

The characters could just as easily be seen to represent the Wolf as an opportunist employee who manages to obtain access information that he should not have possession of, and use it for personal gain. The She-Goat could represent the business itself which isn’t paying enough attention to the possible threats out there. The Kid can also be seen as the ‘crown jewels’ of the company…The Wolf is certainly seeing this as a free lunch after all.

Whichever view seems more readily apparent, it seems that there are parallels for today, in that threats may change in the manner of implementation, but have essentially been occurring for a long, long time. One may find it particularly fitting that the Kid, who is not convinced of the integrity of the password giver, insists on two-factor authentication using what can be viewed as Biometric Authentication by seeing the beard of the visitor!

Though the fable is over two thousand years old, Aesop’s moral sums up the dangers of relying on a single method of checking the authenticity of those trying to gain entry:

‘Double proof is surest.’

Author: Paul Farmer

Share This Post On