Hans Monderman designed the traffic system in Drachten, in north Holland where there are practically no road markings, traffic signs or lights. He did this because he believed that if humans were trusted to interact with one another, compromises will be made.
His street layout and designs encouraged motorists,
cyclists and pedestrians to make individual negotiations at every encounter,
always with the notion that everyone just wants to get to their destination
safely. It has been a resounding success. In 2006, Drachten reported seven
consecutive years of zero fatalities.
The system is radical enough to place a children’s playground in the middle of a road forcing drivers to drive at safe speeds and also other users of the space to consider the presence of vehicles. The idea is to make something safe by making it obviously dangerous.
The influence of this approach can be seen on Kensington High Street where the railings and zebra crossings were removed and pedestrians were encouraged to cross wherever they wished. From 2006 to 2008 accidents were reduced by 44%.
I see similarities in Information Security with respects to regulation and policy. It is easy for InfoSec to quote chapter and verse of policies, standards and laws without engaging with the business members who want to move information from one place to another for profit.
Would less regulation work in Information Security? I believe it will reduce the reliance on the static codes and get InfoSec to engage more with the business. For this to work everyone has to be aware of the dangers within Information Technology.
This awareness is not geared towards less interaction but a more cautious, cooperative approach. Teams wanting to purchase Cloud services, for example, will be willing to ask the security questions of the suppliers or engage their InfoSec team more readily to assess the security of an offering.
Companies will have to build a culture of education for all members, not only focused on policy but how IT works and what are its weaknesses. There should also be fair and consistent penalties when incidents occur.
When end users are empowered to make decisions regarding the exchange of data, a company will have a larger group of people working towards its success, in a unique, secure, digital environment.