Re: What Would Disney Do ?

[Pete Herzog <pete () isecom org>]

Marc,

I think it's funny because I used a similar anecdote but for security 
awareness rather than controls.

The anecdote is a good one but one of the main problems with it is that 
Disney gives the perception of security through controls rather than 
actual security.  And how they do it is incredibly cost-prohibitive for 
many (including themselves it appears by looking at their current 
business forecasts).  Books like _Mouse_Tales_ (fun semi-business book 
on Disney) will show that there are a large number of problems going on 
in the Magic Kingdom from molestation of the Disney characters to deaths 
that are glossed over to keep the perception. However, that perception 
is not an over-all bad thing either.

I find the real value of Disney security is more the guests being 
"aware" than the controls.  Perhaps it has to do also with an 
uncomfortable or unfair feeling others have of someone subverting the 
controls.  If someone begins to appear frantic such as do to a suddenly 
missing child, strangers will start pointing out the direction the child 
was seen wandering by as an unattended child on the paths is often an 
anomoly.  Or an unknown adult smacking a teen in the head who has been 
spitting off the top of the Robinson treehouse onto passer-bys when 
security was not doing a thing.

I'm not condoning such vigilanti justice rather I'm pointing out an area 
where a lack of real security has lead to people randomly taking on the 
role themselves for various reasons.  While controls have security 
value, it's not the same as security.

Of course, your perception may vary by which park you attended.  I can 
only speak for Euro Disney.

Sincerely,
-pete.

www.isecom.org, www.isestorm.org
www.osstmm.org, www.hackerhighschool.org

Mark Curphey wrote:

> Yesterdays discussion about SSL login pages got me thinking about ways to
> make it easy for users to do the right thing and hard to do the wrong thing.
> I found some security architecture slides on the floptop from ages ago (I
> don't recall where the original text should be contributed to)
>
> Disney
> Many people visit Disney World and have a good time because their
> surroundings are controlled. This in turn makes it easier to control
> people's behavior and minimize problems. By using physical barriers and
> having a cheerful staff, Disney World makes it easy for visitors to conform
> and "do the right thing". 
>
> - Physical barriers (fountains, flower gardens) 
> - Limit the choices people can make about where to walk 
> - Guests are given constant instruction to minimize disorder 
> - Guests are constantly under surveillance by employees 
> - Many exhibits are only viewed through riding in a vehicle Order is
> maintained through voluntary activity 
>
> The control at Disney World is subtle and embedded in the routine activities
> of employees and visitors. It is designed to prevent any disorder and make
> everyone's visit as enjoyable as possible.
>
> Some of these things of course could be tied to the architectural patters
> discussed last week (limited view etc)
>
> Just thought it was an interesting anecdote.