12 Steps of IT Security Anonymous

Apr 29, 2009 | Ideas & Insights

by James Costello

The scene opens on a small room in a coffee house in any town. A group of geeks sit in a circle drinking lattes, cappuccinos and double shot skinny caramel macchiatos.

One man stands and says “My name is James and I am addicted to IT security.”

(Group responds): Hi, James.

All right, I am not really addicted to IT security, but the 12 steps that those working through their own issues rely upon can teach us a few things about our own work.

12 Steps of IT Security Anonymous

  1. We admitted that we were powerless over security – that our lives had become unmanageable.
  2. We came to believe that a device or application could return us to sanity.
  3. We made a decision to turn our will and our lives over to the care of the device or application.
  4. We made a searching and fearless inventory of our networks, servers, and computers.
  5. We admitted to our boss, to ourselves, and to another human being the exact nature of our security problems.
  6. We were entirely ready to have all these system defects removed, some requiring root access.
  7. We humbly asked the administrators to remove our system shortcomings.
  8. We made a list of all persons we had wrongly allowed access and became willing to amend access lists.
  9. We made direct amends to access lists whenever possible, except when to do so would wrongly deny access to those with appropriate permissions.
  10. We continued to take network, server and workstation inventory and when we found problems corrected them.
  11. We sought through prayer, hopefulness, and a bit of luck to avoid any serious security incidents.
  12. Having had a mental awakening as the result of these steps, we tried to carry this message to other security professionals and to practice these principles in all our network and system operations.

Maybe I am stretching a bit with this, dear reader, but we can learn a lot.

  1. Admitting that there is an issue makes resolving it faster and more straightforward.
  2. Directly pursuing a resolution to an issue will also reduce its length and severity.
  3. We are not alone in our work; seeking assistance and advice will speed resolution and provide opportunities to learn from our peers.
  4. No one device or application will resolve all of our security problems, so we need an integration plan that uses the strengths of each device or application and mitigates the weaknesses of each as well.
  5. We must be ready to work at it continuously because there will always be new challenges coming forth.

So, dear reader, are you ready to admit you have problems and get to work on resolution?