What is security?
The objective of having security is to stop and/or limit the pain inflicted on the asset/organization.
Would a desperate car thief stop at the garage door to steal a rare car? Would a storm stop because it would cross international boundaries? Why would a determined person with malicious intent stop if they have a set goal in mind?
When do you know if you are secure?
If the asset is worth securing, how much time, effort, cash are you willing to put in to secure it? What are your threats?
You wouldn’t spend $50 to protect a jar of $3 biscuits against a 5 year old cookie monster. However, with a bit of innovation, it is quite possible to spend $1 to protect a jar of $3 biscuits simply by moving it out of sight.
Where is security placed?
Security must be a core part of what ever asset(s) you are protecting. It must be part of any project design/planning process. Security will cross over departments, systems, etc. Security is not down to one individual, it is a shared responsibility.
What would happen should a family member take down the cookie jar and place it in reach of a determined 5 year old cookie monster?
Is my Security implementation effective?
Security will be tested, if not by you it will be by that one determined individual.
Just like any test, you need to know what is it you’re trying to protect, what you need to be able to measure the effectiveness and the duration of the protection required.
Remember: Security HAS an expiry date! A security strategy must adapt and grow in accordance to the asset that it is protecting.
What good is a moat if your adversary has access to planes and helicopters?
How do I be ahead of the security game?
Innovation, before you can be innovative, you must have the appropriate tools at hand. Policies/Procedures/Information/Statistics/Metrics…
With that in mind, this blog will help anyone that is in charge of an asset that is worth protecting implement a well oiled security plan.