Abstract
In his 1951 book The Hedgehog and the Fox, British political philosopher Isaiah Berlin refers to an adage from the ancient Greek poet Archilochus that theorizes that “the fox” concentrates his thoughts on many things (i.e., “foxes” think at the detail level), while “the hedgehog” concentrates his thoughts on a few big things (i.e., “hedgehogs” think at the conceptual or policy level). It is my opinion that a substantial portion of information security risk management practitioners tend to think like “foxes.” As a result, they have been concentrating their efforts on the details within the information technology (IT) architecture level, while giving relatively short shrift to the recognition of other aspects of information security controls (including the protection of sensitive and confidential corporate and individual information) at the organizational, procedural, cultural, and, to a lesser extent, physical levels. Consequently, the resulting control structure of “fox”-directed security efforts may be as effective as that early modern version of the firewall, the Maginot Line, was in protecting France during World War II. The Maginot Line was a brilliant technological infrastructure that provided virtually no protection to France because the German armies merely went around and over it.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
