Thursday, January 8, 2009
Risk management and kids
I was relieved to read this post from Stuart King today and see that I'm not the only one that is worried about the way that parents are behaving to protect their kids.He mentions the problem of allowing kids to go walking alone to school, using some good risk management concepts to illustrate how irrational people can behave when trying to protect their children. I lived my childhood on a place that even at that time was quite more dangerous than most of North American cities today, but even there I was allowed to go to school alone since 9 years old. My wife is one of those that tends to be over-cautious about kids, so I'm glad that we came to Canada to have our kids here. It would be hard to discuss this kind of subject with her in the middle of Sao Paulo security paranoia.Security perception is something interesting to watch. It's impressive to see the differences from how Canadians think and behave in terms of security (crime related, not Infosec) and the differences from my perceptions. I can clearly see that they worry about things that would never bother me and that I'm usually much more aware of what is happening and people around me are doing at the streets than them. As I was talking to a Canadian friend, some things that could be considered common to me (like armored cards to avoid gun point robbery) are seem as extreme situations to him. I can easily see some similar situations on Information Security. That's why it's very important to security professionals to be aware of the business and its environment. A CSO switching from one organization to another needs to understand the differences, not only internally (controls in place, organization culture, general employee security awareness, etc) but also on the threat landscape. Sometimes we meet a guy that is putting a lot of effort on a threat that is not really causing high risks, only to find later that that was a huge problem on the organization he used to work before.So, adding to Stuart King advice on avoiding being fooled by risk perception, try also to stay aware of threat differences from one place to another. You might be fighting the right battle in the wrong war.