WebApp Sec mailing list archives
Re: What Would Disney Do ?
From: Pete Herzog <pete () isecom org>
Date: Thu, 29 Jul 2004 10:59:54 +0200
Marc,I think it's funny because I used a similar anecdote but for security awareness rather than controls.
The anecdote is a good one but one of the main problems with it is that Disney gives the perception of security through controls rather than actual security. And how they do it is incredibly cost-prohibitive for many (including themselves it appears by looking at their current business forecasts). Books like _Mouse_Tales_ (fun semi-business book on Disney) will show that there are a large number of problems going on in the Magic Kingdom from molestation of the Disney characters to deaths that are glossed over to keep the perception. However, that perception is not an over-all bad thing either.
I find the real value of Disney security is more the guests being "aware" than the controls. Perhaps it has to do also with an uncomfortable or unfair feeling others have of someone subverting the controls. If someone begins to appear frantic such as do to a suddenly missing child, strangers will start pointing out the direction the child was seen wandering by as an unattended child on the paths is often an anomoly. Or an unknown adult smacking a teen in the head who has been spitting off the top of the Robinson treehouse onto passer-bys when security was not doing a thing.
I'm not condoning such vigilanti justice rather I'm pointing out an area where a lack of real security has lead to people randomly taking on the role themselves for various reasons. While controls have security value, it's not the same as security.
Of course, your perception may vary by which park you attended. I can only speak for Euro Disney.
Sincerely, -pete. www.isecom.org, www.isestorm.org www.osstmm.org, www.hackerhighschool.org Mark Curphey wrote:
Yesterdays discussion about SSL login pages got me thinking about ways to make it easy for users to do the right thing and hard to do the wrong thing. I found some security architecture slides on the floptop from ages ago (I don't recall where the original text should be contributed to) Disney Many people visit Disney World and have a good time because their surroundings are controlled. This in turn makes it easier to control people's behavior and minimize problems. By using physical barriers and having a cheerful staff, Disney World makes it easy for visitors to conformand "do the right thing". - Physical barriers (fountains, flower gardens) - Limit the choices people can make about where to walk - Guests are given constant instruction to minimize disorder - Guests are constantly under surveillance by employees - Many exhibits are only viewed through riding in a vehicle Order is maintained through voluntary activityThe control at Disney World is subtle and embedded in the routine activities of employees and visitors. It is designed to prevent any disorder and make everyone's visit as enjoyable as possible. Some of these things of course could be tied to the architectural patters discussed last week (limited view etc) Just thought it was an interesting anecdote.
Current thread:
- What Would Disney Do ? Mark Curphey (Jul 28)
- Re: What Would Disney Do ? access_denied (Jul 29)
- Re: What Would Disney Do ? Pete Herzog (Jul 29)