Operational Security: Actors, Factors & Context Informing Risk or Vulnerability
Ridley Tony
Experienced Leader in Risk, Security, Resilience, Safety, and Management Sciences | PhD Candidate, Researcher and Scholar
Security is comprised of actors and factors relative to a specific asset, location, network and enterprise.
That is, inadequate consideration of the efficacy and representation of both actors and factors results in incomplete analysis of security which in turn distorts validity of risk or vulnerability.
Whether by means of descriptive statistics or other algorithmic methodologies, both the representation and capability of the protector and threat/bad actor remains essential.
In short, security and protection is achieved by good actors and protectors.
The operationalisation of security however must be applicable to specific an asset or various assets in specific contexts.
Security is not a universal statement or assurance.
In other words, it must be specified, measured and declared.
Moreover, security must be contextual to specified, planned or anticipated threats and harms.
The resulting operational security consideration captures and rates assets, protectors, threats and specified contexts.
Calculations, ratings and outcomes remain dynamic.
领英推荐
That is, as threats, contexts, assets and even protectors vary (sometimes minute-by-minute or hour-by-hour), so to varies the calculation and product of these factors.
These factor represent the most basic elements and should be considered as a baseline evaluation or point of comparison from location, organisation, asset or threat.
The absence of such rudimentary operational security calculations are indicative of ad-hoc security measures, randomly applied using ineffective economic models that produce unspecified degree of protection and prevention.
The omission or oversight is not entirely programatic or negligence but more reflective of the security industry or profession.
That is, individuals, providers, departments, governments and management remain extremely hesitant or reluctant to objectively evaluate or rank security protectors, providers and services and the resulting impact security concessions and trade-offs have on measures of security, protection or resilience.
In sum, the basics of operational security should be easily explained and sketched on the back of an envelope.
The calculation is improved and refined with analysis, evidence and economic modelling.
As a result, the lack of a basic formula and approach typically invalidates more sophisticated models to operational security and risk management.
In short, if you don't understand and have asset value/s, measures of protectors, knowledge of threats within a constrained context... you are unlikely to have adequate security management, let alone risk management.
Irrespective of popular visible and verbal theatre associated with security, risk, resilience and even safety.
Tony Ridley, MSc CSyP MSyl M.ISRM
Security, Risk & Management Sciences
I Use Security Risk Analysis to Streamline & Simplify the Process of Proactive Protection. I recently used intelligence gathering, CCTV camera review and data analysis to recover stolen items at Penn District, NYC.
2 年You’re too scholastically loaded and talented.
Working as CSO - RGA (PRITECH PARK -SEZ ) BANGALORE
2 年Nice to see ur posts, and learning new things sir,
Managing Director at TechnologyCare
2 年Superb - this is what is missing in the different disjointed processes - the linkage and relevance. This is a good way of connecting up factors at the university level - but I still consider "workflow" (process chart) as the best way to enable industry to follow logical steps to successfully actuate a legislated process.