Information Technology Reference
In-Depth Information
Business
Process
Security
Technology
Human
Security has four aspects
Figure 16.1
Important aspects of security.
It must be explicitly understood that when referring to security, we
are talking about a “system.” Security is not a static, one-time point solution
that can be achieved and forgotten. The security problem requires a
systems approach to solve it. As in any system, there will be interrela-
tionships between the various entities (Figure 16.1). There should be
processes for feedback, regulation, and control. In its stable or equilibrium
state, the system is secure while being functional. To achieve this state,
the system must be able to respond, often in complicated ways, to various
shocks that threaten this equilibrium. Any system requires time to respond
(known in systems science as the relaxation time) to bring the system
back to its stable state. If another shock occurs before this relaxation time
has elapsed, the system moves to a new state of disequilibrium and would
need a new relaxation time to recover. The system also could go into a
state of oscillation.
There is another facet of the security problem that should be recog-
nized. The systems behavior can often be nonlinear — a small mistake
can lead to massive damage. It should be the designer's objective to bring
such behavior into linear zones, so that small mistakes have small impacts,
and large mistakes have larger impacts.
are two commonly used terms when one talks about
security-related issues. Innumerable threats exist with arbitrary probabili-
ties of occurrence. They can leave different (harmful) impacts on the
assets that will be protected. There are so many possible natural threats
— earthquakes, hurricanes, floods, etc. — that it is not physically possible
to respond to every threat. A threat becomes a risk when its possibility
of occurrence crosses a reasonable threshold. If it is summer, then the
probability of occurrence of hurricanes in the Atlantic rises and may very
well constitute a risk that needs to be addressed for some coastal com-
munities. This differentiation assumes importance because security is all
about protection against risks.
Risk
and
threat
