Friday, March 9, 2007

Security – What it really means

se·cu·ri·ty (sĭ-kyŏŏr'ĭ-tē)
n. pl. se·cu·ri·ties

  1. Freedom from risk or danger; safety.
  2. Freedom from doubt, anxiety, or fear; confidence.
  3. Something that gives or assures safety, as:
    1. A group or department of private guards: Call building security if a visitor acts suspicious.
    2. Measures adopted by a government to prevent espionage, sabotage, or attack.
    3. Measures adopted, as by a business or homeowner, to prevent a crime such as burglary or assault: Security was lax at the firm's smaller plant.
    4. Measures adopted to prevent escape: Security in the prison is very tight.
  4. Something deposited or given as assurance of the fulfillment of an obligation; a pledge.
  5. One who undertakes to fulfill the obligation of another; a surety.
  6. A document indicating ownership or creditorship; a stock certificate or bond.

Throughout history the definition of security has remained the same at its most basic level. But how does this apply in the 21st century with all of the new threats and risks that have evolved or been invented over time. Some of these threats and risks exist much as they have for centuries past while others are new and developing, emerging only in their infant stages at present day.

I would like to explore how security is relevant more today than any other time in history. This article is intended to look into the definition of security and directly relate it to business and life in the 21st century and why the RedSphere security model is so highly effective and applicable.

Honestly, we started off this century with a bang, relative to security, given the lack of forward planning or vision (however you would chose to believe it occurred) there was global concern about the time change from the year 1999 to 2000 and what would happen to our critical systems. Embedded systems were at risk, the very systems that control stock exchanges and power grids across the United States; all at risk of “crashing” that fateful new-years eve when the clock struck midnight and the code could not account for a 20 in the first bit of 2000 thus making systems believe that it was 1900. Perhaps many people did view this as a security risk, what would have happened if major power grids, defense systems, communications systems, emergency systems and much more the world disabled by a simple flaw in code? Luckily such a catastrophic event did not occur and most systems were able to roll over to the 21st century without a hiccup (with a little development patchwork). In nature this was a true security risk, based on the definition from many perspectives.

Stepping back in time and away from the cyber, or more recent, renditions of security risks and threats we find physical/personal security as a big issue. Dating back to the very beginning of recorded history there have been conflicts and issues involving this type of security. These conflicts were at times whole wars and at other times the ransom kidnapping of a wealthy aristocrat, individual, businessman or a close family member of one of the former. The security implication here is quite straightforward and easy to see, but let’s dig a little deeper into this matter while injecting the tools that the enemy has at their fingertips in the 21st century. Initially the physical and premises securities are the standout pieces of the puzzle; who was designated to secure the individual(s), were they adequately prepared, were they the right person for the job… Next we look at the premises security; were there adequate physical access controls in-place, was there an adequate security system in-place, is there video surveillance etc. From the perspective of Cyber security, often considered mundane in this scenario, what information could the threat obtain about the target, were the network and computer systems adequately protected, was the security system up-to-date, if you have personnel responsible for your electronic assets were they adequately trained and experienced?

The bottom line in any of these scenarios and all imaginable scenarios is that all aspects of security need to be thoroughly reviewed and considered from top to bottom. Initially a security plan should be created, next a security audit and finishing with security enhancements and implementations focusing on complete security as outlined in the RedSphere security model (some steps have been removed for simplicity sake). Unfortunately, most tend to only focus on a single aspect of security and leave the others wide open to exploitation, or simply lack the expertise to know what security concerns exist within these other spaces.

Though the base definition of security is quite simplistic, the true nature can be terribly complex and continues to become even more so with each passing day.

In an upcoming blog I will cover each of the key points found in the RedSphere security model. I will break each one down into it’s specific sub-points and emphasize the importance within the model.

Regards,
JJC


Works Cited:

American Psychological Association (APA):

security. (n.d.). The American Heritage® Dictionary of the English Language, Fourth Edition. Retrieved March 09, 2007, from Dictionary.com website: http://dictionary.reference.com/browse/security

Chicago Manual Style (CMS):

security. Dictionary.com. The American Heritage® Dictionary of the English Language, Fourth Edition. Houghton Mifflin Company, 2004. http://dictionary.reference.com/browse/security (accessed: March 09, 2007).

Modern Language Association (MLA):

"security." The American Heritage® Dictionary of the English Language, Fourth Edition. Houghton Mifflin Company, 2004. 09 Mar. 2007. dictionary.com http://dictionary.reference.com/browse/security.