Mich Kabay takes a high-level view of security issues and provides resources to help safeguard your corporate and personal security.
Sharon Mudd graduated from the Master of Science in Information Assurance (MSIA) program at Norwich University in June. She contributes today's column - what follows is entirely her own work with minor edits.
* * *
Do you remember the quintessential horror movie "The Blob"? OK, technically, I don’t either. I am not old enough (it was released in 1958). But I do remember hearing about it and seeing clips from it used in other movies or TV shows. Recently, on a morning radio show, I heard the host describe the villain as an amorphous thing that attached itself to one person, ate him, and then proceeded to eat half the town. That summary struck me as almost exactly the same kind of description given for many of the complex security problems seen over the last several years.
Here’s the problem, though: Regular people do not want to hear about some vague entity waiting in the shadows to insinuate itself into their computers. That holds true for at-home users as well as business executives. But they also have no patience for wading through ever-so-enthralling details of IP addresses, code fragments and vulnerable ports.
So, borrowing a quote from the film’s protagonist, Steve Andrews (played by Steve McQueen), “How do you get people to protect themselves from something they don't believe in?”
Too many times what the general public (or even our management) hears from us geeks sounds like the same warnings of impending doom Steve was giving the people in the movie. “You’re in danger: a thing has come to town and is eating everything in its path. We may not be able to stop it.”
In familiar security terms, some of us attempt to instill fear, uncertainty, and doubt (FUD) so that the folks with the cash will give it to us to protect their assets. The trouble is that if we try to solve all problems with FUD, pretty soon the panic will be replaced by complacency. People only have so much roil-ability before our emergencies start becoming old news. This is bad.
I can think of several reasons why we, as information security professionals, still resort to Blobmongering. Here are my top candidates:
* In the world of 24-hour TV and Internet news coupled with increased home computer use, flashy exploits have gotten too much exposure. The enormous volume of information available overwhelms people. Even security professionals can be overwhelmed.
* Unfortunately, some security professionals seem to think that non-security people are too stupid to understand the complexity of the situation(s).
* Some business leaders are not patient enough or simply not willing to discuss technical issues, forcing security leaders to explain issues in overly simple terms.
M. E. Kabay, PhD, CISSP-ISSMP, specializes in security and operations management consulting services. CV online.
Comments (1)
Communicate at the "right" level
By Mike.D. on October 7, 2008, 10:12 am
When you need to communicate information, the onus is upon you to make it at the right level for the receiver. To do otherwise does a disservice to the receiver. Examples: -...