You are Here

For reasons yet unexplained, I’m a fan of those maps you find in traditional shopping malls. The maps that say “You are here” and offer a bright little star to indicate your location. They do something simple and they do it simply. They provide context.
I was recently asked to present to a small group of business school students on the subject of cyber security. I originally began to prepare a good 30-40 minute presentation and discussion, but was eventually informed I had ten minutes. Given that we can only scratch the surface in that time, I shared the following as a starting point for discussion about security and privacy.

Where are you?

Discussions around information security and privacy often start from the perspective of the listener or reader. It doesn’t really matter if you’re speaking with the CEO of a large company or a student in an undergraduate business course, at some point they all think about their own personal information and how concerned they are (or are not) about sharing it. With a younger audience the popular perception is that they don’t care, but in truth they do. They may not recognize it at first, but it’s not difficult to reach that moment of recognition.
For lack of a shorter term, I’ll call this image the “mall map of privacy perception” and acknowledge there is no star. I’ll leave that up to the reader. Just choose the type of information and the party that could have access and ask yourself if you are comfortable sharing that information with that group.
I think we all know people that would fill this chart with red circles and others that might spread the green a bit further. In general, we find that for our own information, we want complete knowledge and access regardless of type or sensitivity. With that same information, we don’t think the ‘bad guys’ should have any access. In between are all the authorized, semi-authorized, authorized with specific rules, and authorized for specific data situations.
In short, even as we become comfortable that an online retailer might know our shopping habits, that same information isn’t always acceptable for others. From this point, we can branch out into detailed discussions about specific types of information, sensitivity, and the controls around it.