Tuesday, 2 March 2010

Scenario thinking

To explain IT security risks to the business or customers it is good to tell a story. The story should take the listener into the story to explain why an IT solution has certain risks. The story shouldn't start with the "bigbang accident" that could to the system, but gradually taking the listener along its path.
Scenario thinking is part of architecture books like Software System Architecture - working with stakeholders using viewpoints and perspectives. The method of scenario thing is described, but one would need inspiration too. Popular literature could give this inspiration.
Lately a number of good samples were published as regular thriller stories. Daemon by Daniel Suarez is sold in Amsterdam bookstores in the Science Fiction section, but in fact it uses mainly of existing technology.
Core in the book is the use of VOIP systems that are activated by a daemon process, that scans the Internet news sites for certain news facts. When a certain news fact happens the Daemon using VOIP calls people and using voice recognitions lets them generate new news facts. So on and so forth. This part is the best part of the book. Existing technology "miss used" to break the system of society. The security specialists in the book use standard security technology to find where a daemon or Trojan is running. Off course the book also has its standard I don't understand and don't want to understand IT character, but allot of people in the book take it serious and are not putting IT security in the Geek corner.
The story further develops into a "Hollywood" Armageddon style in which "Autonomous Vehicles" and "Laser-Induced Plasma Channel Weapons". This is also based on existing technology, but for a simple IT person, just a bit too much. I like it better when it is not right away that the whole world is collapsing, but just the world of a few people. e.g. this part of the book would have been better if this was Hitchcock style instead of Bruce Willis. That is the way the first 200 pages develop.
But all in all the book to read for IT and specifically IT security people.
I'm not going to tell you how it ends, because I don't know. The IT consultant that wrote the book, was at page 1200 when he decided that two books might be better for sales.
The second part called Freedom, I still need to read. Hopefully this will give some inspiration for more scenario thinking too.

The fact that IT security is not just a "front runner thing: anymore. It is on its way into the mainstream. Hopefully IT business will follow on its path ......

No comments: