Jason Holloway's Holy Grail

The long view of security strategies for your network.

And now for something completely different! 

In 1993 I published a column entitled “Velocihackers and Tyrannosaurus superior” in the paper version of Network World. The article caused considerable amusement because it analyzed the popular movie “Jurassic Park” from an information security perspective.

I’m delighted to report that Jason Holloway, vice president of marketing of the security firm ExaProtect has published an amusing security analysis based on “Monty Python and the Holy Grail.”

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

And now for something completely different! 

In 1993 I published a column entitled “Velocihackers and Tyrannosaurus superior” in the paper version of Network World. The article caused considerable amusement because it analyzed the popular movie “Jurassic Park” from an information security perspective.

I’m delighted to report that Jason Holloway, vice president of marketing of the security firm ExaProtect has published an amusing security analysis based on “Monty Python and the Holy Grail.”

The film follows a bizarre rendition of King Arthur (“Son of Uther Pendragon”) and the Knights of the Round Table (and Patsy) as they roam about Britain (knocking coconuts together as sound effects to make up for the lack of horses) seeking the Holy Grail (including in a castle occupied by French soldiers who inform him that Arthur’s mother was a hamster and his father smelt of elderberries). But I digress.

Holloway makes the following points from his analysis of events in the movie.

1. Build security on secure foundations (unlike Prince Herbert’s father who built his castle in a swamp).
2. Use security information and event management (SIEM) to avoid being overwhelmed, as by the Knights Who Say “Ni!”
3. Avoid false positives, as when Sir Lancelot rushes off to Swamp Castle to rescue… Prince Herbert.
4. Beware the presumption of causation based on correlation, as when Sir Bedevere tests a woman accused of being a witch by claiming that she would weigh as much as a duck - and thus be made of wood.
5. Be sure to store log files so that you can interpret current security alerts in the light of data - unlike the Knights’ focus on the incomplete record left by Joseph of Arimathea about the Castle of aaaaaaaarrrrrrgggghhhhh.
6. Remain flexible in setting and adapting policies - unlike the Black Knight who repeats “None shall pass” regardless of circumstance.

I urge all Monty Python nuts^H^H^H^Hfans to enjoy Holloway’s excellent essay.

Read more about security in Network World's Security section.

M. E. Kabay, PhD, CISSP-ISSMP, specializes in security and operations management consulting services and teaching. He is Chief Technical Officer of Adaptive Cyber Security Instruments, Inc. and Associate Professor of Information Assurance in the School of Business and Management at Norwich University. Visit his Web site for white papers and course materials.