January brings a focus on resolutions and making changes. Most of us step on a scale, take a look in the mirror and vow to get in shape (lose weight). Recognizing this, we are inundated with information on dieting and losing weight. In seven months, I’ll be one of the 2000 people to race the Ironman triathlon in Lake Placid. My training includes nutrition. As I make changes to my own diet (but not dieting), the science is clear – sustained weight loss and health are more dependent on mindset and lifestyle, less on diet. Dieting, for the most part, doesn’t work.
Ironic, then, that we embrace the “security diet” approach to protecting information. As with a diet, people restrict activities and make wholesale changes that are difficult to sustain except for brief periods. Once the audit (or event) has concluded, the restrictions and changes are lifted and it’s a happy return to business as usual; information is again left unprotected. The security diet, for the most part, fails.
What if, instead of resolving to diet this year – for health or for protecting information – we resolved to change the way people protect information?