This video was inspired by the old five monkeys in a cage experiment. Unfortunately, you can often observe security professionals and especially auditors exhibit such behaviour. They are ‘taught’ at one stage of their life that something is secure and the way to do it. Often referred to as ‘best practice’. The problem with this approach is that they will blindly apply this logic to every and any scenario without taking the time to understand the organisation or the business drivers.
Do you have any such observations of security professionals behaving more like security monkeys? Please do share.
One thought on “Best Practice and security Monkeys”
It’s not just security professionals. I think this covers ‘human nature’ very well and our reluctance to accept change.
Managers who have been on a number of training courses over their career often exhibit the same type of behaviour. They see management as a science and follow the textbooks.