The Security Tarot: Trump 1, The Fool

I’ve decided to have a little bit of fun today, since talking about the same topic every day can be boring without putting different spins on it. And it’s Friday after all. Anyway, today I’m kicking off a “Security Tarot” series where we examine infosec through the lens of the tarot. I’ll post these as they seem relevant and illustrated by happenings in the industry – maybe they’ll get posted quickly, maybe slowly, maybe not at all. Anyway, here goes.

The first trump in our security tarot deck is the “The Fool.” Signifying infinite and limitless possibility, the fool is characterized by opposing forces, unpredictability, and anarchy. What the fool lacks is clarity of purpose and direction. Is he walking into danger or on the road to greatness? Who can say: it is the beginning of his journey and the destination is undefined.

The Fool is a force we see every day in security. Lack of clarity? We see it all the time – we don’t have clarity around how to analyze the threats we’re bombarded with, we don’t have clarity about the metrics we gather (if any,) we don’t have clarity around the research we do, and we don’t have clarity about the terminology that we use to talk to each other. To prove that this force is at work, I don’t have to reach beyond today’s headlines; consider, for example, the Finjan Web Security Trends Report (published last week) and compare it to the ScanSafe Global Threat Report published yesterday. ScanSafe says, “ScanSafe reported that Web viruses decreased 47% in September, despite recent high profile Microsoft vulnerabilities…” while “Finjan