How much security is enough security?
That is because each case has different threat levels. In fact, even the same case might have different threat levels depending on the situation and current conditions. Security is a living organism, always affected by environmental conditions. If even just one parameter of the environment were to change, we would see a big fluctuation in the threat levels for the same entity.
Let me give you an example to understand this better.
We dress based on the environmental conditions, right?
How easily does that change?
With just one parameter change: temperature!
When the temperature gets higher you wear lighter clothes and when it drops you wear more clothes.
Here is another example:
During the day you can see naturally. During night time, which is basically a change in the position of the sun, you need electricity to power a lamp and see. Again, just one environmental parameter is enough: light.
Before you consider this technical language, hold on a second.
I always explain concepts in simple terms because I am talking to people who are not security experts.
Normal scenarios comprise all scenarios that can happen when everything is operating properly, i.e. the environmental parameters stay constant for long periods of time.
Extreme case scenarios refer to those scenarios that do not happen often but if they happen the threat level and/or the impact is higher.
Here is a tangible example to understand the difference.
Imagine having a car which you drive at a speed of 120 km per hour. When the weather is not rainy or snowy, the threat level of crashing is dramatically lower than when you are driving on a road with piled snow. Right?
Why? Because your wheels are slippery on the snow.
How often do you drive on a snowy road? Hopefully not often, but you need to consider this scenario as well and change your approach, i.e. avoid driving on snowy days, fit tires with chains and slow down. Without being familiar with the threat levels for such a scenario, though, you cannot be properly prepared.
The threat level assessment is your compass for protection, allowing you to anticipate each case accordingly.
So, if we were doing a threat level assessment for your car, we would consider:
- Weather conditions (i.e. sunny day, rainy day, snowy day)
- Materials blocking the road (dropped by other cars, caused by physical conditions, caused by accident of another car)
- Traffic percentage
- Road quality
- Your car's speed
- Maintenance of your car (i.e. tire condition, oil change, service condition, burned-out lights)
- Driver characteristics (experience, focus, emotional condition, physical condition, e.g. tiredness)
- Time of driving (morning, night)
You get the point. By the way, the above list is not exhaustive. In order to do a solid threat assessment, you must consider as many scenarios as possible. Thus, being analytical and having knowledge of the conditions and environmental parameters is essential.
Environmental parameters as you may understand do not include only the physical and temperature properties. Especially with Security they include so much more.
- Your physical environment,
- Your virtual environment (data & systems),
- Your habits and behavior,
- Your status,
- Asset value,
- Exposure to danger, etc.
All of the aforementioned are defining factors of your threat levels, and they are not the only ones.
That is why defining your customized needs is essential: the more customized and unique your “security architecture” is, the more your protection levels increase, exponentially.
Please note that customized and unique are not the same thing.
- Customized means designed or altered specifically for your needs and requirements, and
- Unique means having an element of surprise, as it is not something that the cyber-criminal is already familiar with.
And let’s have a tweetable to summarize this episode’s message:
- Did you build your protection by first examining your threat levels?
- How long has it been since you performed your last threat levels evaluation? Environmental parameters change at high speed with technology.
This is the only way to find how much security is enough for you.