The Analogies Project has made a difference to the way my organisation thinks about Information Governance and Security!
Given the opportunity to be a contributor with an analogy I jumped at the chance. My first one, ‘Why is Information Governance like car insurance?’ was a labour of love. It seemed to make sense straight away. The second analogy to be submitted was regarding how Information Security could be managed in the same way as the Rosetta satellite is by the space agency team, obvious really!
Then something truly different came along. The RANT conference asked the project if a number of contributors would talk about the Analogies Project live on stage, and in a moment of madness a group of us decided to do Analogies live.
So my live analogy, ‘Why is an Information Security expert like an Ibiza bound Superstar DJ?’, went something like this…
Creating a set list without knowing the crowd is one of the hardest jobs of the DJ. Putting the sounds together for the evening’s dancing without being able to see the change of the mood of the ‘revellers’. Just like the Information Security professional who is trying hard to develop tools, processes and solutions that an organisation needs its ‘revellers’ to dance to. Elements that provide the organisation with assurance of its security position. A great DJ has an idea of a set list but is able to change that list if the mood changes as the event builds. A successful Information Security professional is able to use the kit approved and built to protect the organisation but also reach out into the wider world and get at new tools as risks change and escalate.
Staying ahead of the new sounds is the route to success for a DJ blowing away a crowd in sunny Ibiza. The Information Security manager has to do the equivalent; has to stay up to date with what is new; what the organisation risks are and what new tools are there to be used to protect and assure the organisation. For the DJ they need to stay aware of the latest trend, the latest artist to be remixed by the most note-worthy producer. The Information Security manager needs to be able to be sure that the latest versions of systems, software and risk analysis are in place and being appropriately used by the organisation.
Using new technology but staying aware of the warmth of the old is one of the tasks that a modern DJ needs to have. The Information Security expert needs to mirror this skill, ensuring that tools from yesteryear that still provide protection and are loved by the users are applied just as strictly as the new cutting edge technology that delivers different types and levels of protection.
The drop of the hottest new song at the right time is the skill of the DJ. To build the crowd in anticipation and then play the introduction of the song or series of songs that the crowd have been waiting for will make so many people’s night. The Information Security manager also has to know when to drop the right solution or piece of analysis. The Information Security manager that drops too soon can be seen as being on the ‘bleeding edge’, taking risks for the opportunity to be ‘in fashion’. If the Information Security Manager drops too late then the organisation has been left at risk to the latest impactful elements.
Where to play and where to advertise can make or break a superstar DJ. The Information Security manager needs to be as aware of this concept as the DJ, ensuring that the engagement and the advertisement of ‘how to’ is targeted at the right levels and for the right customers.
The superstar DJ wants to create loyal fans of what he does – his art is to use others’ capability in different ways to attract an audience of his own. To me this is the closest comparison to what my organisation is doing in the information security field. Taking best practice and common practice, pulling ideas together and then ensuring that the organisation can adopt them as easily as possible, creating fans of information security throughout the organisation.
Using an analogy means to me that a concept can be made clear to someone who doesn’t have, and doesn’t need to have, a detailed understanding of the background. The Analogies Project brings a concept home to the reader and hopefully makes the understanding easier and in some cases fun.
Imagine Analogies live, five different contributors delivering the ideas they have for Information Security. Analogies included ranged from Van Halen’s rider on tour to the trenches in 1914 to the desire to purchase high-end shoes. With a range this wide there is always something that strikes a chord and gives the listener chance to apply an entirely different view of how to ‘sell’ the concepts of Information Security.
For more analogies to choose from visit the Analogies Project web site where you will have access to the library of previous ideas.