An intro to security, with eggs, please

3 months ago 1
  • 25 July 2025

This isn't going to be a blog post about work stuff, is it?

Nah. I just thought it might be fun to write about security. You're welcome to go have a read about binturongs instead.

Okay, let's do this.

Did you like the binturong post?

Fine. Let's start with something glib: someone once said to me, tongue-in-cheek, that IT is anything with a plug. In the same spirit, security is anything with a risk.

Information security is the discipline of keeping information safe. (I've been shortening it to security, and for brevity I'll keep doing that.)

For senior managers, that means governance and risk. For technology teams, that means at least security management and operations, and likely other things too.

Anyway, let's say you own some information. By which I mean, you are a pine marten, and you own some eggs.

Uh.

I'm not actually a big fan of analogies for learning. (Spoiler: that's probably fine since I'm not sure this is really going to be an educational blog post.)

If you do fancy an encyclopaedic view of information security, Wikipedia has that covered.

However, as you are on binturo.ng and hopefully still reading, I am going to assume you're OK with being a pine marten who owns some eggs.

Dook dook.

Excellent.

How you got those eggs, or if you should have those eggs, is rather outside of the scope of this analogy. (Spoiler: these are ethically sourced eggs.)

Maybe I should just eat them?

Okay. One egg is two bites, right? So let's say that two bytes equals one egg, and therefore the equivalent of a gigabyte of data is 500000000 eggs. That's probably at least a couple of meals. So let's keep the others safe and secure. (Spoiler: no eggs were harmed in this admittedly bizarre scenario. Some birds were made rather unhappy, though. This will become important later.)

Err. Alright.

Plus, if you don't keep the eggs safe, the forest guardians will take 4% of them.

Dook!?

Why? Because of forest rules. You know you want to keep your eggs safe, but perhaps not everyone with eggs will agree. It's too much hassle, it makes things slower; it's just eggs, right? No worries: lots of creatures in lots of forests think it's important to keep eggs safe. So, forest rules.

Also, the R in GDPR stands for "r-egg-ulation."

Okay I am slowly wandering off topic. EGGS. One common model of thinking about security is called the CIA triad, not related to the three-letter US agency. By that, your eggs are safe and secure if they have:

  • Confidentiality: only creatures you like can get to your eggs.
  • Integrity: nobody can mess with your eggs.
  • Availability: you, and creatures you like, can get to your eggs when needed.

A newer model has six items, with the CIA triad plus possession (the eggs are yours), authenticity (the eggs are genuine), and utility (the eggs are tasty). I mention it mostly so I can quote this line from Wikipedia: The merits of the Parkerian Hexad are a subject of debate amongst security professionals. Aside from the name, which we can all agree is superb.

So how do we get from here to folks in hoodies surrounded by machine code?

Films, mostly. Like WarGames (1983) and Hackers (1995).

Are there any eggs in those?

(On the off-chance I rewatch those films and count the number of times eggs are mentioned, this is where I will edit that in. At the moment, I'm guessing 2.)

Anyway. The security of your eggs (let's call that 'ovosec') is a balance of risks, and the steps you take to handle those risks. If you leave your eggs out, they're openly available, but not at all confidential. If you trap them in concrete and drop them in the sea, they're extremely confidential, but virtually unavailable. You likely want something in the middle.

Ovosec is broadly about:

  • knowing your threats: other creatures, unhappy birds, vertical drops, the passage of time;
  • knowing your approach to risks: actually you're not all that fussed about confidentiality since you have literally half a billion eggs, but you definitely want them to be available to eat and not secretly replaced by chocolate eggs (as tasty as they are);
  • knowing your risks: other creatures take too many of your eggs, unhappy birds chase you around the forest, your eggs fall out of the tree or go bad before you can eat them, etc;
  • doing something about those risks (controls), like: access control (you need a blue collar to enter this tree), logging and monitoring (writing down who takes what eggs today), firewalls (literal walls made of fire: effective, but uses a lot of fuel, and don't store the eggs too closely to them, yes, Blossom, that means you);
  • not doing so much about those risks that you end up with eggs you can't eat (e.g.(g.) because they're in concrete on the ocean floor).

I would love to see where you're going with this.

Me too, header text. Let's find out together.

Our ovosec controls so far have two main flavours: physical (secure places to store eggs), and personnel (trusted creatures to handle eggs). However, technology! You and the ferrets build a series of pneumatic tubes to automatically deliver eggs to all your friends. Then the corvids build on it to deliver shiny things, and the badgers add to it to deliver mushrooms, and don't even get me started on the spiders--

Alright? Let's meet some very nice weasels in very cute hooded sweaters. They discover that if you sing into any of the pipes, you end up with free eggs. Neat. Actually, they find a lot of problems with your tubes. Why? Because they're weasels in hoodies, and they're bored, and solving puzzles is fun.

Congrats, you have several new ovosec problems. Your eggs need to be safe, both at rest and in transit, but now your friends think it'd be really cool if they could get eggs from any tube anywhere in the forest, or even pluck eggs out of thin air. Meanwhile, threats! Other creatures have easy access to your eggs, not just your friends. Unhappy birds can fill your tubes with expanding foam. Weasels in hoodies are everywhere. And your eggs can still fall out of trees, or tubes, or go bad.

So what can I do?

As you have a lot of eggs, and a lot of complex requirements for those eggs, I might recommend an approach to ovosec management (governance and risk), as well as teams to look after ovosec itself: they can write policies and standards for you, help your friends follow them, design ovosec controls, build, implement, operate them, monitor and investigate potential ovosec incidents, help get you back on your paws when incidents do happen, and review and improve the whole thing because all those pesky threats keep finding new ways to get at your eggs.

However, in your case: practically, you have more eggs than you, and any creature you know, could possibly eat in a year; likely the upper limit of safe chilling and freezing. So you may not need to worry too much. <3

Favourite, share, or reply to this post on the fediverse.

Read Entire Article
  1. Homepage
  2. Technology
  3. An intro to security, with eggs, please

Related

All operational US LNG terminals have violated pollution limits

All operational US LNG terminals have violated pollution lim...

12 minutes ago 0
Show HN: PitchWell, My AI PR Tool That Sounds Like You

Show HN: PitchWell, My AI PR Tool That Sounds Like You

14 minutes ago 0
German court rules Google must pay €572M for violating antitrust rules

German court rules Google must pay €572M for violating antit...

16 minutes ago 0
Hostinger Web Hosting