Fri, 20 Jun 2008 08:43:22 GMT

Here is a thought for you: "The entire information security industry today is based on fear". The fear of getting hacked and your integrity and reputation being publicly jeopardized and challenged.

This is what gives security vendors the power to sell you useless products which you don't really need.

yeah, I guess not only products, but many service companies are behaving the same... :/
ronald, I guess there is more to fear as you are suggesting... thanks for the feedback.
Awesome AnDrEw
I had attempted to comment on this post previously in the day however I was met with a database connection error, which resulted in my response being lost in the great depths of the internet. Fear is not only the greatest and most powerful underlying threat to security, but also to every single solitary aspect of our overall humanity. It is an authoritative tool, which has been used since the dawn of man to control our very existence, and quite a useful and productive one at that. Religion, governments, society, mass media outlets, corporations, et cetera are all culprits of manipulating the way in which individuals interact with not only each other, but also themselves by forcefully usurping our natural rights to individualism, freedom, and most importantly autonomy in order to cause us to remain docile. I know Ronald certainly has (http://www.0x000000.com/index.php?i=588), but have you ever given much thought to the fact that we as people do not "own" our own existence? Instead the "wolves in sheep's clothing" are able to persuade everyone within their grasp into giving up a little bit more of their ability to think under the guise of security, or the ruse of some other unspecified benefit. Until the moment when human beings cease completely, fear will always remain a large part of our lives. "Crush the weak, uphold the strong." No "Gods", no masters.
Reminds me of an article by Bruce Schneier: The Psychology of Security http://www.schneier.com/essay-155.html In his book Mind Wide Open, Steven Johnson relates an incident when he and his wife lived in an apartment and a large window blew in during a storm. He was standing right beside it at the time and heard the whistling of the wind just before the window blew. He was lucky--a foot to the side and he would have been dead--but the sound has never left him: But ever since that June storm, a new fear has entered the mix for me: the sound of wind whistling through a window. I know now that our window blew in because it had been installed improperly…. I am entirely convinced that the window we have now is installed correctly, and I trust our superintendent when he says that it is designed to withstand hurricane-force winds. In the five years since that June, we have weathered dozens of storms that produced gusts comparable to the one that blew it in, and the window has performed flawlessly. I know all these facts--and yet when the wind kicks up, and I hear that whistling sound, I can feel my adrenaline levels rise…. Part of my brain--the part that feels most me-like, the part that has opinions about the world and decides how to act on those opinions in a rational way--knows that the windows are safe…. But another part of my brain wants to barricade myself in the bathroom all over again. A very long article but worth a read. I have another fear to add to that first sentence. The fear of getting prosecuted (or fined).
I failed to notice Ronald's article but now I've read it. My take on the whole thing is the following: There are leaders and there are followers. Some people don't like to think for themselves. Ignorance is bliss, as we say. If you want to be part of the system then it is OK, but if you want to be free then you can do that too. Now, regarding the fear thing. I agree that fear has been used as a tool for far too long. The only way to learn how to fight it is to learn how it works or why it works. And to that, all you need is the question. The question to fear is "Why am I afraid?" or maybe even, "What's the worst that can happen?", I guess, since all our fears come down to our existential needs.
Bruce Schneier has been saying this for years. I recommend you read his latest book, Beyond Fear.
Harvard Business Review, March 2008, pg 139
If fear leads one to make prudent decisions then it's good. If it leads to panic then not good. More often the problem is denial or the unwillingness to consider what happens if you don't have good security. Some of my customers seem to practice the "if I maintain plausible deniability" then I do not know then I can't be held accountable. The problem is this eventually comes home to roost. Myself, I prefer to know and deal with healthy fear then do something to fix the problem. I'm not sure if that's an existential need or not.
People outside our security circle have been saying this since the seventies, it's not new, but it's still interesting. Schneier is just good at hiding his sources. Most of what Schneier talks about I don't agree on, like his movie plot theories. Well, contemplate this. If a movie is being made where a plane hits a building, he would say: it would never happen, it's a movie. But it did happen. When a bomb on a subway is planted -think Die Hard with a Vengeance here- Schneier would say that's a movie plot, but it did happen. Expect the unexpected I would say. As far as people who are willing to follow instead of leading, I think that is a mistake also, because how far are they being influenced to be a follower, or a leader? and in which way. What is their false sense of freedom and power? I know, it's money and materialism instead of being spiritual unbiased free entities which every human basically is. How many times have you heard in your life that you belong in 'that' group, not 'this' group, or you should do 'this' and not 'that', buy this and not the other products. Has anyone ever stopped to think a couple of minutes and question how deep the influence really goes, and what thoughts are your own? It's hard not to be influenced. It's everywhere, the music they play in supermarkets, the scents they spread which trigger a hungry feeling in order to buy more goods, the use of female shapes in marketing campaigns, peer-pressure, mass-media. Honestly, I think the 'mass' is created in some sense. Made slumberous, and numb. After all it's taught behaviour, usually from their parents who also are trapped into such system. I think everyone is equal, and has the same potentiality. (unless you are sick) But the difference is that some get the chance to deepen their potential because they are hard to influence, or found a snippet of wisdom that taught them to listen to your own feelings and intuition. That, makes a free person to me.
How do you know that those that influence the masses are not influenced themselves by the mutual influence our society has? I don't believe that those that are in power are not influenced just because they know that everything else is made up. It is a vicious circle.
Given the negative impact that the constant barrage of strategic FUD has had on the psychological wellness of Americans in the wake of 9/11/2001, it might be interesting for someone to do a study of the psychological impact that actually working in the fear industry has on the mentality, well being, creativity, and adventurousness of the average security practitioner. What does living with the terror rainbow permanently set to orange do to the human mind and nervous system? Perhaps I will submit this to a CFP. :)
this could turn into a good topic to research. I am sure that Schneier will be interested.
reminds me of the brand killer robots site over at intrench.com. They talk a lot about fear and the impact of it and they are constantly mocking the security industry for it. http://intrench.blogspot.com/2007/12/is-it-security-industry-one-big-fishy.html sars