Philosophy of Security, Part 1 – What is “security”?
Recently I have been watching a lot of videos and reading quite a few articles about “security”. While they contain a lot of information about techniques and technologies used to provide “security”, very few of these publications attempt to explain what security is all about.
So, what is this “security” thing?
Fundamentally security is not about firewalls, passwords, SSL certificates, intrusion detection tools, alarms, locks and guards. All of these are tools which we use and with which we work, to deliver security.
Looking at the nature of security from a business point of view, we arrive at two general conclusions:
- First: security is a process of assurance and maintenance of trust relationships that your business – and you – have with your customers and suppliers.
- Second: security is a process to provide protection of business and personal assets, such as premises, products, stock and goods holdings, or reputation.
The critical thing to note is the concept of assurance and maintenance of trust as well as that of protection of assets and reputation.
This is because in the absence of trust there is little or no commerce. A relationship with a level of trust is a must for commerce to happen because essentially people buy from people and organisations that they have come to trust (and at the end of the day, like it or not, all of your customers are people, regardless of the medium in which the transactions that they engage in take place).
The level of trust required in a commercial relationship is derived from, and maintained through, yourself and your business behaving in a manner consistent with your stated values and with your customers' expectations. Therefore it is important that you consider security, in the form of trust assurance, as a vital part of your business processes and procedures, and as important a target of investment as your tools and technology.
Not all transactions are commercial in nature. And for some sites/businesses the roles of customer and supplier get blurred depending upon the nature of the current engagement they have.
Not all transactions are commercial. All transactions, however, are an exchange of things with perceived value. There are trust relationships involved, and without trust, no exchanges happen, except when a coercive mechanism is invoked…