I have a number of useful similes that I use to describe technology (which is, technically, an analogue of the process it implements), but I use them to solve problems for clients. Just as people should understand the concept of a "cold" or "infection" to rationalize certain preventative behaviours, they should apprehend a basic concept of their systems being "at risk", "vulnerable" or "exposed".

However, what the security business has accomplished so far is instill a sense of (perhaps justified) unease about the reliability of computer systems. More mature professions have compensated for public unease by focusing on the "well being" of the customer. (The conversation, "Am I sick?", "How do you feel?" should be familiar to anyone who has visited a doctor.) Analogies are part of the answer. The other part is training geeks to provide confidence and assurance to customers to help make decisions instead of tedious, fastidious explanations.


[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/445/34582#34582