Information Security Is a Game, and We’re Losing
This is a game that we play every day, and you have no choice but to play. It doesn’t matter whether you’re a chief information security officer (CISO) at a Fortune 100 company or a full-time student. Here’s the game:
Our game is played on a field that is both intangible and tangible.
There are two teams: the good and the bad. The good are morally and ethically good. The bad are morally and ethically corrupt.
There are no rules. Well, that’s not entirely true. There are rules; they are mandatory for the good team and optional for the bad team.
The good team defends a goal of variable width, but it’s always significantly larger than the bad team’s goal.
The object of the game is to score goals; each goal results in a significant money or asset exchange and/or lives that are negatively or positively impacted.
There is no scoreboard, and we don’t know what the score is exactly. We just know who’s winning. If we really knew the score, maybe we’d take our game more seriously.
The game we play is a losing proposition. It’s rigged against us. Add the fact that members of the good team don’t have any viable winning strategy or method to work together, and what are we left with? The status quo is a guaranteed loss.
I hate losing. I especially hate losing to morally and ethically corrupt people. We need change.