All the family went to Berkhamsted Castle last Sunday. It was a sunny day and lots of people were camped out on the grass where an entire community once lived under siege for two weeks. The area looks small today but I can imagine how an entire town can live within the once formidable walls and function on a normal basis.
Castles are part of the iconography of defence and in InfoSec they have been used to illustrate many different aspects of securing information. It is also instructive that they are used to represent an idea of what should be happening when we say we are protecting information.
The popular portrayal of a castle is of a redoubtable village under siege. InfoSec has had this analogy at its disposal from the early years of enterprise networks and it has served its purpose in explaining what was considered good security.
With the castle parallel you get the idea that the castle’s inhabitants could rely on the knights to balk any attack. A network was a complicated, engineered system that protected the company’s data and all who processed it. The metaphor has been tried and tested and it is understood by all.
I would like to add another observation about castle life that is applicable to today’s porous networks that handle consumerisation and Cloud services. With these two challenges you can no longer employ the siege scenario because it suggests that the gates are open while the castle is under attack.
In the life of many castles, attacks will have been occasional. Much of the time, life will have been lived under normal conditions with commerce carried out in all spheres. The nearby farmland had to be worked and the livestock tended, and there was trade with other groups and recreation outside the confines. A castle could not be sustained without these comings and goings.
The preparedness of the castle dwellers to revert to ‘lock down’ and to play their part in the survival of a siege will have been important. What did they understand was their expected behaviour when outside of the walls? After a long period of peace, would they have changed behaviours, perhaps been more welcoming to strangers? Would they go out to the fields alone? Did they know what villages were safe to visit? Did they still keep old secrets?
Today, InfoSec could exercise that story of the castle but add that the experts have a duty to raise the level of awareness in all staff about what part they must play to protect the company’s information.
Without trade, villages/companies die. The knights/InfoSec are skilled with the tools of defence. Dwellers have to work and ensure the castle prospers. In war and in peace, NO ONE must divulge the source of the castle’s well water.