Proven to be true again and again.
Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . .
If you know me, you have heard the phrase, “Awareness is 9/11’s of the Battle.” I use it in every talk, and bring it up in almost every discussion. That’s because for 20 years now I have seen . . . again and again . . . Awareness, and Awareness alone, save the day.
It prevents incidents. It lowers the impact of incidents. It helps us understand why seemingly draconian controls are in place. It greases the machinery of cybersecurity.
But, as our lead technical auditor once asked, “why not just say 9/10’s of the battle.”
I like saying 9/11’s for three reasons:
1) You remember it better.
2) 9/11’s is a little less than 9/10s (.818181818 instead of .9). I want to honor that there is much more than awareness to be done in the eight systems, but they do all include awareness inherently, and .81818181 is so much more magical! And
3) I coined the phrase, Awareness is 9/11’s of the Battle, when we had to postpone a workshop in 2001. The phrase just came to me, when I noticed we as a nation were far more secure the day AFTER 09/11/2001 than the day before. And we had done nothing, except . . .
. . . become aware.
Original article by Dan Hadaway CRISC CISA CISM. Founder and Managing Partner, infotex
”Dan’s New Leaf” is a ”fun blog to inspire thought in the area of IT Governance.”