How to stop crashing more than twice: A Clean-Slate Governance Approach to IT Security

Year of Publication: 2020
Authors: Fiebig, T.
Conference Name: 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)
Date Published: Sept. 2020
Keywords: certification, clean slate, clean-slate governance approach, Collaboration, Conferences, corporate social responsibility, DP industry, DP management, Equifax, Europe, GDPR, governance, Human Behavior, integrated circuits, ISO standards, IT industry, IT Security, IT security incidents, Licenses, Metrics, organisational aspects, policy, policy-based approach, privacy, pubcrawl, resilience, Resiliency, RNA, security, security certification, security of data

"Moving fast and breaking things", rather than "being safe and secure", is the credo of the IT industry. Given the wide societal impact of IT security incidents in recent years, however, this credo no longer seems sustainable. As in the case of Equifax, people simply forget updates; as in the case of Maersk, companies do not use sufficient network segmentation. Security certification does not seem to help with this issue: after all, Equifax was ISO 27001 compliant.

In this paper, we take a look at how we handle, and fail to learn from, security incidents in IT security. We do this by comparing IT security incidents to early and later aviation safety. We find interesting parallels to early aviation safety, and outline the governance levers that could make the world of IT more secure, levers that have already succeeded in making flying the safest mode of transportation.

