Welcome to True Security

True Security is a complex concept.
Truly understanding security involves more than just gut feelings. It involves understanding, measuring, and mitigating risk, and it can be a very complex process.

The picture above shows a town by a lake. Certainly a peaceful setting. It was taken from the patio of a restaurant. Peaceful. Serene. Secure. But the restaurant is perched on the ridge of a caldera. The lake is located in the caldera itself, and at the center of the lake is an active volcano. With 33 eruptions since 1572, it continues to show unrest.

Do the people in the town by the lake feel secure? It's likely that they don't worry very much about an eruption, simply because a large-scale eruption is not in their memory. Humans don't tend to comprehend catastrophic risk very well. We're good at deciding whether or not to cross the street, but when deciding if it's safe to build a house in a flood zone, we tend to make decisions with our gut instead of considering what is guaranteed to happen in the coming years.

Understanding and expressing risk is the first requirement for True Security. The second requirement is making a decision about the risk. Once the risk is understood, one must decide to eliminate, to mitigate, or to bear the risk. Failing to decide, or indeed failing to understand the risk, amounts to a decision to bear it.

Risk comes in many forms. True Security involves understanding risk and taking appropriate action so that a feeling of security is a true reflection of the world in which we live.

Vik Solem, CISSP

Please check out the blog, and let me know what you think.