Security essentials

There's more than a grain of truth in the saying that complexity is the enemy of security. 

Complex systems, processes and situations are harder to analyze and control. There are more things to go wrong, more interactions, more states to consider, more factors to bear in mind. Complex things are generally more fragile, less resilient, more likely to fail or be broken. 

The same applies to security awareness and training. People can only take in so much new stuff at a time.

I've blogged before about today's information overload, people constantly working on interrupt with a million distractions. If we make our awareness stuff too hard, requiring too much time and attention from the audiences, they won't bother so we're not going to achieve much.

Two complementary awareness and training approaches to address this issue are:

1. Break the awareness and training content into discrete chunks - bite sized pieces from which to construct the whole jigsaw; and
   
   
2. Simplify each chunk as far as possible. Make the pieces tastier, more digestible.

So, what does that mean for our next topic? We have already decided on the chunk, and as I said yesterday, we're well on the way towards defining the scope. At the same time however we're complicating matters by stitching together incident management and business continuity management, so we need to work on simplifying the content.

An approach that usually works well for me is to visualize the topic area in the form of a mind-map with a central blob for the title and satellite blobs for each of the main aspects, breaking those down further as appropriate and making links between related parts. Sometimes it takes a couple of iterations to get down to the nitty-gritty, just the key aspects in a logical sequence that makes sense but that's pretty easy with a graphics program or indeed on paper with pencil and eraser. 

Perhaps this month I'll try condensing the topic down to its essentials on a Post-It Note-sized mind map, hopefully without having to resort to a super-fine pencil and magnifying glass. Wish me luck!