How to stop crashing more than twice: A Clean-Slate Governance Approach to IT Security

Tobias Fiebig

doi:10.1109/EuroSPW51379.2020.00018

How to stop crashing more than twice: A Clean-Slate Governance Approach to IT Security

Tobias Fiebig^*

^*Corresponding author for this work

Information and Communication Technology

Research output: Chapter in Book/Conference proceedings/Edited volume › Conference contribution › Scientific › peer-review

2 Citations (Scopus)

Abstract

"Moving fast, and breaking things", instead of "being safe and secure", is the credo of the IT industry. However, if we look at the wide societal impact of IT security incidents in the past years, it seems like it is no longer sustainable. Just like in the case of Equifax, people simply forget updates, just like in the case of Maersk, companies do not use sufficient network segmentation. Security certification does not seem to help with this issue. After all, Equifax was IS027001 compliant. In this paper, we take a look at how we handle and (do not) learn from security incidents in IT security. We do this by comparing IT security incidents to early and later aviation safety. We find interesting parallels to early aviation safety, and outline the governance levers that could make the world of IT more secure, which were already successful in making flying the most secure way of transportation.

Original language	English
Title of host publication	Proceedings - 5th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2020
Publisher	IEEE
Pages	67-74
Number of pages	8
ISBN (Electronic)	9781728185972
DOIs	https://doi.org/10.1109/EuroSPW51379.2020.00018
Publication status	Published - 2020
Event	5th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2020 - Virtual, Genoa, Italy Duration: 7 Sept 2020 → 11 Sept 2020

Publication series

Name	Proceedings - 5th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2020

Conference

Conference	5th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2020
Country/Territory	Italy
City	Virtual, Genoa
Period	7/09/20 → 11/09/20

Keywords

GDPR
Governance
IT Security
Policy

Access to Document

10.1109/EuroSPW51379.2020.00018

Cite this

Fiebig, T. (2020). How to stop crashing more than twice: A Clean-Slate Governance Approach to IT Security. In Proceedings - 5th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2020 (pp. 67-74). Article 9229815 (Proceedings - 5th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2020). IEEE. https://doi.org/10.1109/EuroSPW51379.2020.00018

@inproceedings{75dbd0bb24be4fef899c3b6720f743a2,

title = "How to stop crashing more than twice: A Clean-Slate Governance Approach to IT Security",

abstract = "{"}Moving fast, and breaking things{"}, instead of {"}being safe and secure{"}, is the credo of the IT industry. However, if we look at the wide societal impact of IT security incidents in the past years, it seems like it is no longer sustainable. Just like in the case of Equifax, people simply forget updates, just like in the case of Maersk, companies do not use sufficient network segmentation. Security certification does not seem to help with this issue. After all, Equifax was IS027001 compliant. In this paper, we take a look at how we handle and (do not) learn from security incidents in IT security. We do this by comparing IT security incidents to early and later aviation safety. We find interesting parallels to early aviation safety, and outline the governance levers that could make the world of IT more secure, which were already successful in making flying the most secure way of transportation.",

keywords = "GDPR, Governance, IT Security, Policy",

author = "Tobias Fiebig",

year = "2020",

doi = "10.1109/EuroSPW51379.2020.00018",

language = "English",

series = "Proceedings - 5th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2020",

publisher = "IEEE",

pages = "67--74",

booktitle = "Proceedings - 5th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2020",

address = "United States",

note = "5th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2020 ; Conference date: 07-09-2020 Through 11-09-2020",

}

Fiebig, T 2020, How to stop crashing more than twice: A Clean-Slate Governance Approach to IT Security. in Proceedings - 5th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2020., 9229815, Proceedings - 5th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2020, IEEE, pp. 67-74, 5th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2020, Virtual, Genoa, Italy, 7/09/20. https://doi.org/10.1109/EuroSPW51379.2020.00018

How to stop crashing more than twice: A Clean-Slate Governance Approach to IT Security. / Fiebig, Tobias.
Proceedings - 5th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2020. IEEE, 2020. p. 67-74 9229815 (Proceedings - 5th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2020).

Research output: Chapter in Book/Conference proceedings/Edited volume › Conference contribution › Scientific › peer-review

TY - GEN

T1 - How to stop crashing more than twice

T2 - 5th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2020

AU - Fiebig, Tobias

PY - 2020

Y1 - 2020

N2 - "Moving fast, and breaking things", instead of "being safe and secure", is the credo of the IT industry. However, if we look at the wide societal impact of IT security incidents in the past years, it seems like it is no longer sustainable. Just like in the case of Equifax, people simply forget updates, just like in the case of Maersk, companies do not use sufficient network segmentation. Security certification does not seem to help with this issue. After all, Equifax was IS027001 compliant. In this paper, we take a look at how we handle and (do not) learn from security incidents in IT security. We do this by comparing IT security incidents to early and later aviation safety. We find interesting parallels to early aviation safety, and outline the governance levers that could make the world of IT more secure, which were already successful in making flying the most secure way of transportation.

AB - "Moving fast, and breaking things", instead of "being safe and secure", is the credo of the IT industry. However, if we look at the wide societal impact of IT security incidents in the past years, it seems like it is no longer sustainable. Just like in the case of Equifax, people simply forget updates, just like in the case of Maersk, companies do not use sufficient network segmentation. Security certification does not seem to help with this issue. After all, Equifax was IS027001 compliant. In this paper, we take a look at how we handle and (do not) learn from security incidents in IT security. We do this by comparing IT security incidents to early and later aviation safety. We find interesting parallels to early aviation safety, and outline the governance levers that could make the world of IT more secure, which were already successful in making flying the most secure way of transportation.

KW - GDPR

KW - Governance

KW - IT Security

KW - Policy

UR - http://www.scopus.com/inward/record.url?scp=85097066139&partnerID=8YFLogxK

U2 - 10.1109/EuroSPW51379.2020.00018

DO - 10.1109/EuroSPW51379.2020.00018

M3 - Conference contribution

AN - SCOPUS:85097066139

T3 - Proceedings - 5th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2020

SP - 67

EP - 74

BT - Proceedings - 5th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2020

PB - IEEE

Y2 - 7 September 2020 through 11 September 2020

ER -

How to stop crashing more than twice: A Clean-Slate Governance Approach to IT Security

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cybersecurity (TPM)

Cite this

How to stop crashing more than twice: A Clean-Slate Governance Approach to IT Security

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Projects

Cybersecurity (TPM)

Cite this