Security’s Insecurity Problems

Security has insecurity problems. Do you know what they are?

The problems are related to what our five senses do and all these offer. They are related to physical sensors designed and used by people and all these deliver. It's problems are related to neurons and synapses and all they convey. And security's insecurity problems are related to the human Limbic system with its learning, memory and autonomic processes. And, there is growing evidence that security insecurity is related to health, food and other fundamental human needs. Farther afield, security's insecurity problems are related to transcription, DNA expression, gene encoding and metabolic reactions.

Are you lost yet? After all this is a pretty broad set of topics without seeming rhyme or theme.

Can you tell what security's insecurity problems are?

More hints:

  • Security refers to being free of potential harm or threat
  • Most often this free from potential harm is from an external force or agent
  • Sometimes it can be free from internal harm
  • Insecurity is its opposite

Q1: How do you know these things?

Q2: When do you know these things?

Q3: Can we have security and insecurity simultaneously?

Security is related to risk, the potential of gaining or losing something. If you think you have something to lose, then you have risks you need to consider treating, managing, and maybe mitigating.

A lot of time those in digital security think that if you have a risk, it is actually a threat, a vulnerability, an exploit, a flaw and that the only risk treatment worthy of consideration is some from of mitigation, from workaround to elimination.

The reality is you can ignore the risk (threat), transfer it, not engage in behavior that induces it, or accept it and move on.

Although this digresses, it tells one story of why we have security and insecurity at the same time. Security is about shades of grey: it is not about black and whites. The nice tidy black and white contrasts are boundary conditions defining the field of reality. Security takes place inside and outside of the framework, in and out of the black and white boundary conditions.

One of security's insecurity's is we strive for black and white states and explanations, when in reality there are none. Instead we have rolling phenomenological states that are forever changing and evolving, always dynamic and never static, just like biologic processes and consciousness.

Only, we have this human problem of wanting to measure black and white and actual states that do not exist so that we can measure things: we often forget our measurements are always relative in time's arrow.

Security is related to Heisenburg's uncertainty principal, where uncertainty exists in the simultaneous measurement of position and momentum of particles. We can never concretely know both simultaneously. We can know both but not at the same time.

Security insecurity is time dependent for both threats and risks. We do our best to gain visibility into the when, but today's automation tools - at least the mainstream ones - are not up to the task of absolute precision we desire to have (although this is changing with some of the new deception tools on the market). We do our best to prioritize relative harm a security the event poses, but this is still an art and not yet a science.

Security insecurity is directly related to visibility, notification, registration, awareness, realization and related sensed consciousness. When the tree in the forest falls do you know whether it fell or not? When the clock chimed at 0100 hours, did you hear it? And when the attack occurred when did you find out about it?

Security insecurity is directly related to interpreting the sensory inputs around you. What do they mean? What is similar, dissimilar, different, askew, troubling, simple, complex, hidden, unknown, uncertain? What does the attack mean?

Security is all about uncertainty. Does being good at security mean loving uncertainty and living it? Does being bad at security means being certainty?

If you are certain, it's no longer security: instead it's process. Is security security or is it the boundary conditions. When and where do we use boundary conditions to make security easier to do?

We learn from our experiences, and what was uncertain today becomes relatively more certain tomorrow. But when is our certainty acting as blindfolds?

So, these are just a few of security's insecurity problems.

What are your candidates for security's insecurity problems, and more importantly, do you thrive on uncertainty?

 

Leave a Reply

You must be logged in to post a comment.

Featured Research

Spend on Security

Is your organization underspending on information security? If you’re like most, spending on information security lags far behind other priorities. Only during the past few years has spend on information security started to increase, but it still lags behind. In this Research Report, Wellington summarizes findings from research conducted with thousands of organizations to highlight

The Wizards of Tech

Find out how the unspoken issues of culture, incentives, business strategy, and people impact your life, and the utility of the technology products and services you rely on to operate your business. Download the full report – The Wizards of Tech – today!