Over the past few days, I have been deeply immersed in the world of medicine and hospitals, an undeniably crucial field for sustaining human life. Interestingly, the field of information security (infosec) is often viewed in a similar light, that of being indispensable.

Recently, a family member of mine was admitted to a 24/7 healthcare facility, providing a unique perspective on operational efficiency that seems both surprisingly simple and profoundly effective:

  • Each staff member adheres to a fixed work schedule.
  • Once their shift is over, they meticulously hand over responsibilities to the next person.
  • This cycle of transfers of responsibilities is facilitated by a common register, detailing all actions undertaken, allowing transparent continuity and accountability.

Drawing a parallel with information security, we are faced with a completely different reality:

  • The sector is grappling with a serious staff shortage.
  • Handovers, if they take place, are often disorganized, leading to avoidable complications.

This thinking was further reinforced at a recent seminar where the speaker drew parallels between the aviation industry and infosec, concluding that the adoption of checklists and in-depth documentation could be revolutionary for our field. I have long advocated that infosec remains more of an art than a science, primarily because there is a prevailing belief within our community that our work is shrouded in a kind of “magical” complexity.

However, the simplicity and efficiency observed in the healthcare environment highlight an opportunity for significant improvement in information security. Perhaps it is time to reconsider our resistance to structure and documentation, recognizing that these elements can coexist with the artistry and agility that define our field. Adopting a more standardized approach could very well be the key to advancing our practice, ensuring not only the sustainability but also the elevation of our crucial work.


