For several years I’ve been preaching that the key to effective security management is to harness the power of social networks to help identify risks and prevent or respond to incidents. My book Managing the Human Factor in Information Security contains a chapter on the subject.
At this week’s TED Global conference in Oxford, Internet lawyer Jonathan Zittrain of Harvard University gave a good example of how crack teams of volunteers responded to an incident in 2008 when Pakistan Telecom accidentally took YouTube offline. The service was rescued through “random acts of kindness” by unsung heroes.
Technology is spectacularly vulnerable to failures but also tremendously resilient. We just need to channel community effort in the right way. Unfortunately, they don’t teach that on information security management courses.
By the way, if you want to read more about the TED conference, Howard Wright’s blog has an excellent, comprehensive summary of the proceedings.