Irrespective of the steps taken in the wake of the hijackings, the sucker punch usually only works once. It is debatable how much all the reorganizations, new federal agencies and new laws have actually contributed to thwarting similar attacks over the past decade. The public demanded action, new agencies and new laws to keep innocents safe, and our political representatives were more than happy to comply.
If your organization is ever the victim of a security sucker punch, it might be best to spend some serious time reflecting on your response. In the wake of a security breach, there will always be calls for sweeping changes and new rules. Maybe a few simple changes and a new awareness are all that is necessary.
Risk professionals have determined that two changes since 9/11 have been the most effective: stronger cockpit doors, and new hijacking response procedures. Perhaps we should have stopped with that.
John McCumber is a security and risk professional, and author of “Assessing and Managing Security Risk in IT Systems: A Structured Methodology,” from Auerbach Publications. If you have a comment or question for him, e-mail Cool_as_McCumber@cygnus.com.