It has been great preparing for this years ISF Congress for a number of reasons, not least of which has been looking again at the Datatopia work we did last year and considering the links to the work completed by the Analogies Project. This has been done in preparation for sharing, with a global audience, some analysis we have completed on the futurist stories and analogies that are out there to help us understand differences in geography, business verticals and attitudes to information security.
Using analogies and stories to engage organisations about specific, sometimes complex concepts relating to information technology is a technique we have used a great deal over the last three years, in particular in the information security field. Telling a story of the consequence of information security risks can bring home to any part of the organisation the need to consider information security and the benefits it can bring. Using analogies such as the need for having car insurance and relating that to information security has engaged my organisation on many levels. It has enabled an excellent level of buy-in to be achieved and seen the organisation achieve a high degree of understanding of information security which in turn translates to compliance and reduced risk.
In the last twelve months we have worked with Gartner to describe the concepts of Business Intelligence in 2030 and with the Analogies Project to create stories that demystify the complex. For ISF Congress we have linked these two process under the banner of ‘Secur-a-topia’.
Firstly let us consider what do we think information security would look like in 2030! A utopian world where many of todays issues are resolved, the web remains open, nation states have agreed terms of engagement white hat hackers work together to protect what needs to be protected and the population of the world is far more open with their personal information. Or the dystopian, Orwellian, version, the web has had its neutrality removed and every nation has its own closed boundary version, the population of the world is so nervous of digital information that the sale of typewriters and the use of ‘snail mail’ has blossomed.
Which way would you jump, which story would you use to engage your organisation I wonder? The world of the InfoSec professional is one that needs to engage on the most simple level, it is seen as being the most complex of all the corporate IT professions, or at least it is in our organisation, and it’s the one professional area that requires engagement and buy-in to succeed in its objective.
The process of collating stories about the Information Security landscape of the future was relatively simple, we simple asked other professionals from across the globe to submit stories that told of the future of information security, they could be as outlandish and fanciful as the author desired, the criteria was simple, set in 2030 under 750 words and in English please.
Then the stories began to come in, ranging from the story written on a typewriter posted to our address to avoid the zealous government of the future through to the detailed description of a day in the life of Mr. InfoSec on a drizzly day in Manchester in 2030. The number of stories that looked at the repeating ‘Snowden’ effect was interesting, the concept of an insider threat, leaking information for what some saw as the greater good appears to be something that Info Sec professionals believe will happen again.
Another theme that ran strong was the Information Security professional as hero of the day, neither driven by the great corporate monolith nor the nefarious state nation but rather here to protect the openness of the Internet and the ability for organisations to share information.
The analysis showed quite clearly the links to the major trends in technology that we have today, no major surprises there, however its how the visions see these having an impact on the way we deliver Information Security that really had an impact. A world where people are so scared of being watched and reviewed that they have reverted to a 1960s style of using information, through to a place where information is used instead of currency and the barter rule is managed by Information Security specialists, here we see the Info Sec specialist as the banker of 2030 and all that you can imagine goes with that.
If you are at ISF Congress this year come and hear Bruce Hallas of the Analogies Project and I try and take the audience through some of these thoughts and have a little fun with some of the stories that were produced.
After the event we will post here more of the details of the analysis…