Last March, I wrote about the California Strategic Highway Safety Plan summit I attended, which the state was using to develop the Strategic Highway Safety Implementation Plan (SHSIP). I’ve been thinking about that a lot lately, because of something happing at work. No, we haven’t gone in the highway business.
Folks may know that (professionally) I work in the field of Computer Security, and my hobby is California Highways, hence my username. Recently, I’ve been dealing with some computer security issues at work, and I’ve notice that the four “E”s of highway safety equally apply to computer security. What are these four “E”s and how do they apply? Funny you should ask:
- Engineering. In highways, this is building roads to be safer: banking curves, cutting grooves, ensuring appropriate lane widths, etc. In computer security parlance, this refers to technical solutions: having the right antivirus and spyware tools. Having automated patching mechanisms. Having appropriate firewalls and proxies in place.
- Enforcement. In highways, this is the local constabulary, that enforces the drunk driving rules, speed limits, and other parts of the vehicle code. In computer security, this is policies and policy enforcement mechanisms (such as ZoneLabs Integrity Flex, centralized system management, etc.) that ensure that your users follow your published policies. This makes sure that the technical measures are in place and are configured correctly.
- Education. In highways, this is public awareness campaigns of safety issues: impared driving education, road condition education, drivers training, etc. In computer security, this is a key component of educating users about what to do, what not to do. How to recognize phishing. How to respond to all those prompts you get. How to know the safe and unsafe neighborhoods. How to use tools correctly.
- Emergency Medical Services. In highways, this is recognizing that accidents, despite your best efforts, will happen. Thus, you need to be able to respond quickly in order to save lives. This is also true in computer security, where you need to be able to respond quickly and effectively when an incursion does occur. Stop data from going out. Secure your networks while you recover. It may be painful, but it may also save businesses and jobs.
The Four “E”s. Just as true in Computer Security as they are in Highway Safety. I love it when my interests dovetail.