2025-02-28

The monkey is loose

Image from Pixabay

Despite the fact that they aren’t ducks, I am inclined to call them Huey, Dewey and Louie: the three monkeys that escaped from Apenheul last week. They had only been living in this Apeldoorn zoo for a week, but apparently they were so unhappy with this accommodation that they made an escape plan. Tranquilizer darts and a firm jet of water from the fire brigade were needed to get them back into their cage.

Which brings me to the expression: having a monkey on your back. I only know it with a negative connotation, because it means that you have a job to do or a problem to solve that you are not really happy with. The search engine returns this for the search “monkey back”, from an educational institute: “Monkey on your back? Learn the art of giving back.” A competitor is a bit more aggressive: “Watch out! Avoid the monkey on your back.” In short: having a monkey on your back is not a pleasant thing.

In this context too, there are sometimes monkeys that break out and end up in places where they don’t belong. Those monkeys are not sitting on the back of the right keeper. How do they end up there? Sometimes in a very strange way. For example, I once heard this remarkable statement: “Information security starts with an i, so the IT department owns it.” Can you imagine a worse reason to assign a subject to a certain department? I can’t.

By the way, it is not at all unusual – but therefore not necessarily wise – for an IT department to be promoted to the owner of information security. Because, well, information security is about computers, isn’t it? And computers belong to IT. Right?

What does 'ownership' actually mean? In private life, it usually has something positive: you are the proud owner of a beautiful house or a trendy bike. It also means that you have to take good care of it if you want to enjoy it for a long time. In business terms, you can also be proud of things that you own. Perhaps you derive a certain status from it. However, when it comes to maintenance, the story is somewhat different than in your private situation. There you could still decide for yourself whether to do maintenance, but in business terms you bear responsibility towards the organization. You cannot just let things take their course, because that could mean that people elsewhere in the organization will experience problems as a result. Or more definitely, actually: sooner or later someone will suffer from poor ownership.

Fortunately, many people in our organization are aware that information security is not an IT thing. You can see that, for example, from the fact that we have business security officers (BSOs). These are security officers who work for the business departments. And yes, in IT we also have security officers (also called information security officers (ISOs)), but they only deal with the items and services that IT makes available to the organization – and not with whatever the organization (‘the business’) actually does with them.

For many employees, the BSOs are fairly invisible. I know this because we, the ISOs, often receive questions that actually belong to the BSOs. An employee who encounters a security issue or simply has a question goes looking for someone who can take the monkey on their back. They often knock on my specific door: "You are the only information security officer I know, because of your blog." No problem at all, I am happy to refer them to their own BSO. Many times I prefer this to a question or report remaining unanswered.

Do you know your BSO? If not, go and find them and have a chat. Even if nothing is wrong. They are very nice people.

 

And in the big bad world…
