Home page logo
/

webappsec logo WebApp Sec mailing list archives

Re: What Would Disney Do ?
From: Pete Herzog <pete () isecom org>
Date: Thu, 29 Jul 2004 10:59:54 +0200

Marc,

I think it's funny because I used a similar anecdote but for security awareness rather than controls.

The anecdote is a good one but one of the main problems with it is that Disney gives the perception of security through controls rather than actual security. And how they do it is incredibly cost-prohibitive for many (including themselves it appears by looking at their current business forecasts). Books like _Mouse_Tales_ (fun semi-business book on Disney) will show that there are a large number of problems going on in the Magic Kingdom from molestation of the Disney characters to deaths that are glossed over to keep the perception. However, that perception is not an over-all bad thing either.

I find the real value of Disney security is more the guests being "aware" than the controls. Perhaps it has to do also with an uncomfortable or unfair feeling others have of someone subverting the controls. If someone begins to appear frantic such as do to a suddenly missing child, strangers will start pointing out the direction the child was seen wandering by as an unattended child on the paths is often an anomoly. Or an unknown adult smacking a teen in the head who has been spitting off the top of the Robinson treehouse onto passer-bys when security was not doing a thing.

I'm not condoning such vigilanti justice rather I'm pointing out an area where a lack of real security has lead to people randomly taking on the role themselves for various reasons. While controls have security value, it's not the same as security.

Of course, your perception may vary by which park you attended. I can only speak for Euro Disney.

Sincerely,
-pete.

www.isecom.org, www.isestorm.org
www.osstmm.org, www.hackerhighschool.org

Mark Curphey wrote:

Yesterdays discussion about SSL login pages got me thinking about ways to
make it easy for users to do the right thing and hard to do the wrong thing.
I found some security architecture slides on the floptop from ages ago (I
don't recall where the original text should be contributed to)

Disney
Many people visit Disney World and have a good time because their
surroundings are controlled. This in turn makes it easier to control
people's behavior and minimize problems. By using physical barriers and
having a cheerful staff, Disney World makes it easy for visitors to conform
and "do the right thing". - Physical barriers (fountains, flower gardens) - Limit the choices people can make about where to walk - Guests are given constant instruction to minimize disorder - Guests are constantly under surveillance by employees - Many exhibits are only viewed through riding in a vehicle Order is maintained through voluntary activity
The control at Disney World is subtle and embedded in the routine activities
of employees and visitors. It is designed to prevent any disorder and make
everyone's visit as enjoyable as possible.

Some of these things of course could be tied to the architectural patters
discussed last week (limited view etc)

Just thought it was an interesting anecdote.





  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault