
15 August 2013 / Others

Top 5 "Don’ts" for Information Security bloggers




After writing posts for more than a year now, I have come to the conclusion that the humour quotient in my writing is at an all-time low. I just re-read one of my posts “The Android permissions conundrum…” and realised that it is dull and drab. I do not engage a reader as I used to. So, I started thinking about how to improve the content and the humour quotient in my posts…and thought of one more dull post. Here is a list of the top 5 things that I think an information security blogger should not write about.

1. Writing ‘Top 5’ or ‘Top 10’ posts

Come on, seriously, this one has to be on top. When was the last time you read a post about some top 5 or top 10 and said, “Wow, that was an original and brilliant post.”? I think bloggers write these posts when they have no coherent thoughts about anything. “Let me just surf the web and come up with something that Google displays on its first page of the search and build a top 10 list out of that.” After I get to writing the top 3, I realise that it is too much of an effort and modify the ‘top 10’ to ‘top 5’. (Now you know why I have written a top 5 and not a top 10 - it is just too much work to surf the web and copy-paste 10 things. I will make do with 5.)

2. Cloud

There, there now… you will find another topic to ramble about. There are marketing geniuses and then there are people who created the hype around the cloud. (I must find those guys and ask them to publicise my blog…) Before the hype, Yahoo mail and Gmail were just mail. Now they are ‘cloud based risky services’. Why do bloggers write about the cloud? Same reason why they write top 5 posts. It's easy. Information security guys already know about the risks of e-mail; it is so much easier to cover it with a wrapper called ‘cloud’ and hammer out a couple of dozen posts. There are only 2 risks to using cloud services that are really different from regular ones - “Data elsewhere, governments peek” and “Good Heavens, what if the service provider _______ (fill in your favourite risk)”. There, I have simplified cloud risks for you. Please stop writing about them now.

3. BYOD (Bring your own device)

Yes, I am a hypocrite. Yes, I wrote about BYOD here and here. I was young and foolish then. Little did I know that no amount of writing would lead to any change. BYOD is based on the fundamental principle that the top management craves fancy gadgets. No amount of writing or arguing will convince them otherwise. The companies that make that esoteric-sounding software, like “Mobile Device Management (MDM)” etc., know this fact and exploit it fully. They are the ones who release those hundreds and thousands of blog posts about BYOD and how to implement it. Please stop. We know you are trying to sell. Do not disguise it as independent opinions about BYOD. No information security professional in his sane mind has ever said, “Bring on any device you have and connect it to my network. I have no worries.”

4. Credit Cards and Scams

There was once a credit card scam. There are now a hundred blog posts about it. Each one more vociferous than the other. Each one telling ‘end users’ how to secure their transactions. From following the waiter who swipes your card to never doing transactions online, there are a million suggestions, mostly disjoint, all based on either vague ideas of security or some form of practical joke. Why are such posts out there? Are they easy to write? I guess they are not very difficult, but mostly because bloggers want to get on search engines and get their link clicked. (Did you come here via a link you clicked on a search engine?)

5. Don’t assume the readers are idiots

Everyone knows that what is posted on Facebook using the ‘public’ profile is accessible to all. We don’t need ramblings on why it is not a good idea for your boss to see drunken photos of you on Facebook on the day you call in sick. What we need is ways to prevent it. Don’t assume we are idiots. We know some stuff. We want to improve. Not get bored to death with platitudes. Yes, blog posts should be such that even grandmothers should be able to understand them… and grandmothers today can use Facebook reasonably well! Give us the basics, but do not give us obvious facts and do not assume we are idiots. How to check if a post is too obvious? I have no idea. I think this post of the top 5 things is too obvious. We will know when we read it, I guess.