On Security and Motivation

Monday, October 04, 2010

Javvad Malik

99edc1997453f90eb5ac1430fd9a7c61

I know exercise is good for me, I know eating junk food is bad and that I need to improve my posture when sitting at my desk.

The problem generally lies with a lack of motivation. After all, little niggles come with age and most people my age experience an expanding waistline.

So, I sought out the advice of some of my friends who are physically in better shape to try and get some tips on how to motivate myself into leading a more healthy life.

My approach, albeit a unscientific one led me to probe 10 people for answers, the responses were:

  • To make themselves more attractive to the opposite sex – 5
  • To help with sports – 2
  • To fit into a wedding dress – 1
  • To intimidate others (they are club bouncers) – 2

Which left me scratching my head wondering why none of these fit people exercised for health reasons. I suppose most people who want to exercise purely for their health are a bit like me and lack the motivation to do so.

I mean, unless you have great willpower (which I don’t), you need a tangible goal to help keep you on track. That goal is what you strive for and the health benefit is more of a side bonus.

So if you’re preparing for a marathon, it’s easier to wake up at 5am and go running mile after mile and watching your diet because you have a specific goal.

The fact is that, unless there is a problem and a doctor advises us that we should walk for 30 minutes a day, or a close friend or family member is diagnosed (or worse still succumbs) to a serious illness, we tend to put health issues on the back burner because it’s difficult to measure how good or bad our health is at any given point in time because if we feel fine, we don’t bother.

Which is quite similar to how companies treat information security. Yes, it’s an important issue which most people recognize, but without the immediate tangible benefits, it’s difficult for most businesses to get excited about it.

You can implement the best security advice, but no-one can guarantee you’re company will be 100% secure. Just as no doctor will ever guarantee your health even if you follow the exercise and diet plan religiously.

There probably aren’t many companies who practice good security just for the sake of security.

Much like my 10 friends, security is driven by other objectives such as trying to impress another company so as to win business, because the regulators told them they had to, or because a rival company had just been breached.

The question boils down to, what is your companies real motivation to being secure? If that can be understood, the security benefits can be understood a whole lot better too.

Cross-posted from www.quantainia.com 

Possibly Related Articles:
7165
Policy
Policy Management
Post Rating I Like this!
Dd9902bc56a9d85cdc62c00083ea4871
Katie Weaver-Johnson Great comparison! I think it is important for organizations to realize why a comprehensive security program is critical. As you said, organizations may be motivated by regulatory requirements, fines, lessons learned from other breaches or by competitors, but whatever the motivation, the end result should still be security.
1286314813
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.