The Four A’s of Security
Optimal security adoption follows a natural pattern
People, organizations, governments, and societies do not want security; they want the benefits of security. That is why, throughout history, when people have organized themselves for social benefit or for their own protection, they have taken steps to secure themselves very naturally.
We are not them
People, groups and systems create a criterion by which they may distinguish “us” from “others.” Us from Them. Therefore, the first category of security is Authentication, the processes and systems that answer the question “Who are you?” or “Who are you in this context?”
We do this, not that
The obvious next step is to set boundaries of behavior and property, since the group of “us” are agreeing to act a certain way, or treat ourselves a certain way, and live in a certain geography. We create boundaries (fences, walls, moats, gates, doors, firewalls) to allow the community of “us” to live undisturbed from those who would disrupt our life. This answers the second question, “What is expected of you?” or “What may you do?” We call this Authorization.
These are our protocols
When we define ourselves, or add new members, we naturally set up systems to administer changes. We may make laws or policies to govern ourselves and to regulate the definition and limits of exposure to others. All of this answers the third question, “How do we manage it?” or Administration.
How is it working?
With people and contexts defined, protective controls in place, and policies outlined, the obvious fourth question is “What happened?” or “What is happening?” We must know the answer to that question in order to understand whether our people and systems really are who they say they are, whether they are doing what they ought to be doing, and whether our laws and policies are working for the benefit of the group. This is Audit.
Start Over and Improve
Once we’ve answered the fourth question of what happened, Audit, we know how to improve the systems. We start over, improving or refining the contexts for identifying ourselves and others. We go from simply treating all of us as the same and all of the others as outsiders, to understanding that even among ourselves there are differences, and among outsiders there are levels of “other-ness.” So, we improve identification and authentication with levels of passwords or secret handshakes. That causes us to refine and modify the authorization or perimeter controls, allowing outsiders to come in for trade or limited interactions, or alliances. Those actions of course cause us to revisit our policies and systems of administration – now much more complex than before.
And most important of all, we take stock once again: we audit how well, how efficiently, and how effectively our entire system works. Then we start over again, improving, refining, redefining, and so forth. Who are you? What may you do? How do I manage it? And what happened? These four questions drive the regular, natural, and predictable pattern of all security adoption. Repeatedly. Predictably.