The parallels between Information Security & Sun Tzu’s The Art of War

Tuesday, October 13, 2009

Sean Inman


I am currently reading Sun Tzu’s The Art of War, and as I read it I continue to see the parallels between information security and this book. So as I read this book I will share quotes from chapters and my thoughts on how information security relates. Please share your thoughts as well.

This quote comes from Chapter 1, “Laying Plans”:

“The General who wins a battle makes many calculations in his temple before the battle is fought. The General who loses a battle makes but few calculations beforehand. Thus do many calculations lead to victory and few calculations to defeat: how much more no calculation at all! It is by attention to this point that I can foresee who is likely to win or lose.”

I think most organizations can demonstrate well-thought-out plans for dealing with “predictable” security attacks such as viruses and DDoS attacks, but how many organizations are actively engaged in planning for new threats and new attack vectors? It is very clear that preparation at every stage is vital and the laying of plans needs to be a continuous process. There are a number of organizations that have learned this the hard way by having out-of-date business continuity plans which, when executed, fail to deliver the proper level of business recovery.

If organizations adopt a position of continuous planning, review and revision, they will be in a much better state to cope with security attacks.

Heather Dalberg

I carry 2 books with me: Art of War & Pocket Size The Five Rings. Here is why:
I have been the target of a hacker(s) on my last project. It absolutely destroyed me. I decided the only thing I could do is go to school for IT Security for my Masters. I am preparing for the best college I can possibly get into and find funding. I began blogging for therapeutic reasons and ended up creating way more attention than I anticipated, and I'm moving my site from to a hosted domain so I can turn this into a job instead of a mental health exercise. My new site is hosted by Blue Note. I haven't built it yet, but will be in the next few weeks. I still am gun shy from the whole hacking experience. It robbed me of more than I thought. My blog ironically took me into a direction I never anticipated, right in the middle of the Iranian Revolution. I am doing what I can to remain neutral, but it's dicey information I receive and post. I have the feeling I am bound to attract the attention of hackers with this topic, but the magnitude of the problem and messages from the people have superseded my fears and I feel I need to be strong. Since I am obviously a novice, would you suggest anything for me to focus on security-wise while I build the new site?
