9 Lessons that the movie “Jurassic Park” can teach Infosec Professionals

Fortunately, most information security professionals can rule out “being eaten” as a consequence of things going wrong. Although the Jurassic Park scenario is comfortingly far-fetched, there are some very useful lessons to be learned from it, which are just as applicable in the average workplace as they are on a remote island off the coast of Costa Rica.

Don’t be naive about your intellectual property. If it’s valuable to you, it is likely to be valuable to someone else and they may try to steal it from you. The easiest way to do that is usually through a disgruntled employee. If you can’t avoid disgruntling them in the first place, have monitoring, auditing and incident response plans in place to identify and react to unusual activity.

Separation of duties combats the insider threat:
Don’t allow one single person to have complete control of the entire security infrastructure.
No one person should be able to lock everyone else out.
No one person should be able to turn off audit logs, monitoring or surveillance systems.

Single points of failure can be people too – if your IT specialist is eaten by poison-spitting dinosaurs, you don’t want to be left helpless. This is where clear, up-to-date documentation comes in really handy.

Test your DR systems – no-one likes to find out that they’ve been running on auxiliary power without perimeter security for the last seven hours – just before being plunged into darkness.

Don’t underestimate the enemy – understand the risks and build appropriate defences. As it turns out, velociraptors can turn door handles.

Hiring experts is good – actually listening to their recommendations is even better. If they tell you there is a risk, don’t throw a tantrum and call them names – ask them for advice and help in mitigating the risk.

If a piece of critical infrastructure hasn’t been built yet, then don’t base today’s business continuity plans around it, hoping that there won’t be a major incident until tomorrow.

Keep an eye out for usability elements which weaken your security controls. Have an incident response plan ready – don’t assume your controls are bulletproof.
Filling the gaps in the dinosaur DNA with sex-changing frog DNA, while assuming the dinosaurs can’t breed because they were all created female, demonstrates this.

If someone offers you a job on a remote island populated by carnivorous dinosaurs… don’t take it.
