By Ira Winkler
I was finishing up my latest book, Zen and the Art of Information Security, and I was thinking about what was the most important component of a security program. The one thing that I kept coming back to is that the most secure organizations were those that ignored the source of the problems and focused on addressing the problems.
After all, it doesn’t matter who is at fault for your problems, it matters how you handle them. You have to look beyond who may attack you. This doesn’t justify them attacking you, but it does mean that you need to proactively protect yourself and acknowledge that you have to do what you can to protect yourself. Just about every computer attack people and organizations experience could have been prevented. You can’t blame attackers or your software, when you could have proactively prevented the attacks. Other entities may be the source of the attack, but again, it is irrelevant.
Look at the analogy of a burning building. If you are inside a burning building, are you going to stand there and blame the smoker who caused the fire? Are you going to get out of the building as fast as you can, or are you going to stand there and wait for the fire department to come and rescue you, because it is their job?
Again, you might not be at fault, and other people have a duty to assist you. Does that, however, mean that you are not going to proactively save yourself? Computers are the same way, but sadly people like to stand around and waste their time pointing fingers while not taking action.
One Response to “The Most Important Thing in Security is Responsibility”
admin Says:
March 27th, 2007 at 1:19 am
The problem is when attacks don’t fit into the nicely “preventable if you are savvy and willing to potentially annoy users” category. 0-day exploits, or vendors who ship software that is seriously broken (back in the day Netscape’s email server couldn’t restrict who relayed email through it, spammers had a field day). In any event it is important to find out what failed and how it failed (a.k.a. blame sometimes) so that you can properly prevent it. Just running out of burning buildings is not going to result in stronger building codes and fire codes.








