The Desolation of Awareness – 3 – One Sense to Rule Them All

By Eh’den (Uri) Biber

 

What do the colour blue and information security have in common? The fascinating world of the mind.

Prologue

One sense to rule them all, one sense to find them,

One sense to bring them all and in the darkness bind them

In the Land of the mind, where the Shadows lie.

(Paraphrasing J.R.R. Tolkien)


The Desolation of Awareness – 2 – Making Sense

By Eh’den (Uri) Biber

 

Welcome back. Is there an information security sense like there is a sense of smell? Can we evaluate it? Why does our normal definition of information security prevent us from reaching awareness? In case you missed the first article, please start there before continuing.

In this article we will look at our senses. After all, the definition of awareness is all about being able to notice, and we notice via our senses.


The Desolation of Awareness – 1 – The Art of Noticing

By Eh’den (Uri) Biber


Why I am writing this series, and why awareness is not as straightforward as most of us perceive it to be.

 

Introduction

Awareness is a wonderful buzzword. From a very young age we are expected to “be aware” of what’s going on and to be able to react accordingly, even though most of the people who are trying to make us “aware” have no clue what true awareness is. Blind to the beauty of true awareness, we convince ourselves that we might not understand reality but at least we are aware of it, yet nothing could be further from the truth.

Fast forward to “information security”, which is a domain in awareness that includes technology. There have been many discussions in our community about this topic: some people claim that information security awareness training is a waste of money and others claim it is a crucial element in making organisations secure.

Don’t professionalize, innovatize

Why the solution to the issues in the information security profession will not come from creating (yet another) governing body but could arrive via innovation. (An answer to Brian Honan’s article on Help Net Security.)

By Eh’den (Uri) Biber

Brian Honan wrote an interesting article for Help Net Security entitled “Is it time to professionalize information security?” It covers the discussion about the call to turn information security into a licensed practice. I highly recommend reading Brian’s article; from it I derived the following points:

  1. Customers are often unable to validate the professional level of the so-called experts
  2. The quality of the work done by so-called experts is sometimes poor
  3. There is no accountability when the work quality is bad and leads to incidents, and no independent body has the ability to “un-license” the so-called professionals
  4. We need independent bodies to provide counter-advice to interest groups (I assume privacy is a good example here)
