BC CYBER SECURITY
Saved by @jacobhtml

2 different frames or metaphors for #CyberSecurity

Security as a Quality Management issue thus a problem of robustness

Security as a Safety issue thus a problem of resilience

They’re fundamentally different, may even be at odds but how ?

🧵

 A Quality Management metaphor leads us down elements of testing, predictability and reliability in that we aim to be effective at dealing with predicted threats which represent a finite configuration of what our industries expect. We aim for “maintaining process integrity inside
Of known design, training and procedural parameters” (Dekker) so I prepare for a number of scenarios, ways I can foresee and threat model for and (not just operationally, but also reqs gathering, testing, training,sdlc and even threat intel) increasing the robustness of my system
All well and good, but from Complexity science we know that “robust constraints tend to fail catastrophically when design conditions are exceeded” @snowded
But this is also a cautionary tale. If you don’t have the capacity to deal with expected adverse conditions,
You have no business thinking or prioritising adaptive capacity because the “knows” can get you down and keep you there.
So until you get to the point where your robustness is sound, this is the metaphor that is most appropriate and which can be argued for economically
If and when the robustness of your system is high, meaning you have appropriate mitigations in place to the outcomes of the threat models you build for your apps and platform, then your risk profile starts to change.
The very measure you’ve put in place, which got you this far to achieve a “secure system” by industry and accepted standards, may now be exact things which will contribute to its downfall because “in safe systems the very processes that normally guarantee safety and generate
Org success can also be responsible for org demise” (Dekker) This means that the challenges you’re now likely to faced relate to the relationships & interconnections of your sociotechnical system (scarcity competition, patterns of info to decision makers, incrementalist nature
Of decisions taken over time which can cause drifts into failure, drifts into setting conditions for data breaches.
When you get here, a metaphor of Security as Safety is likely more appropriate. You’ve now dealt with the robustness of components and put in the measures which are
Expected to make you withstand the scenarios you can envision on your threat model. So now a focus on resilience becomes beneficial as you’re building systems which “are effective at meeting threats that represent infinite reconfigurations of - or ones that may lie entirely
Beyond - what the industry could anticipate” and which are “capable of maintaining process integrity well outside the design base or outside training or procedural provisions”

You’re now building for resilience and sustained adaptive capacity

“But can I do both?” You ask
The building of robustness benefits from processes of analysis (breaking things out to smaller parts and secure them to build them back up) while resilience benefits from processes of synthesis (role on the wider system and function within it)
So while you perform both types of assessments, a focus on resilience where there’s limited robustness is of little value. A small punch can knock you down and keep you there. So I would advocate building robustness first as the focus of transition/transformation, potentially
Being attentive to affordances and constraints to identify opportunities for improvement.

Remember that sources of resilience in orgs are in our people. They’re the ones dealing with the variability our systems and automation can’t handle, so applying principles of learning
From incidents, and understanding what our teams were surprised by, and namely any “fundamental surprises” (where their models the system were or what’s possible were challenged or took apart) are learning opportunities that should never go to waste
@threadreaderapp unroll

You May Also Like

\u0936\u094d\u0930\u0940\u092e\u093e\u0932\u0940 \u0939\u093f\u0924\u0947\u0936 \u0905\u0935\u0938\u094d\u0925\u0940
श्रीमाली हितेश अवस्थी...
@HiteshAwasthi89
#Thread
Benefits of writing SRI RAMA Jayam!!!

Writing Sri Rama Jayam is known as Likitha Japam- Writing Meditation. This gives one a complete sense of surrender to an inner conscience and peace while writing or chanting the mantras.

#Sri_Rama_Jayam #RamaNavami

Cont 👇

You can write this in any language of your choice. It is the connecting chords with the divine and your inner self.

Below are some points that we came across on the benefits :

Cont 👇

1. Vedas tell that as the sun dispels the darkness, the chanting of Rama Nama dispels all evil and obstacles of life. It is a way of liberation and salvation of human suffering.

2. When you think, that all roads are blocked to walk away from day to day problems..

Cont 👇

writing ‘Sri Ram Ram Ram’ gives you the most needed clarity of thoughts to find away out of odd situations.

3. It was told that a calmness engulfs as one indulges in writing the Sri Rama Jayam bringing in more clarity of mind, tolerance & strength to withstand obstacles in life.

4. Devotion of service of life and its varied forms is devotion to God. So there is no right or wrong way of writing this. The very thought and process to write is a connection with god and finds a inner meaning.

Cont 👇
ALL
\u0936\u094d\u0930\u0940\u092e\u093e\u0932\u0940 \u0939\u093f\u0924\u0947\u0936 \u0905\u0935\u0938\u094d\u0925\u0940
श्रीमाली हितेश अवस्थी...
@HiteshAwasthi89
Stambheshwar Mahadev Temple, Kavi Kamboi, Bharuch, Gujarat

Stambheshwar Mahadev is a Hindu Temple dedicated to Bhagwan Shiva, located in Kavi Kamboi in Bharuch District District of Gujarat, India. The Temple is about 150 years old. 1/n


The Temple is also known as the Submerging temple. The Temple is flanked by the Arabian Sea on one side and the Bay of Cambay on the other side.

As per legend, Tarakasura troubled the common people, sages and devas a lot. 2/n


Hence, Bhagwan Kartikeya k!lled him, but later he felt guilty for killing a demon who was a great devotee of Shiva. He went to Prabhu Vishnu and told about his guilty. Bhagwan Vishnu advised him to install a Shiva Linga to get relief from the sin. 3/n


As advised, he installed the Shiva Linga in this place and prayed to Bhagwan Shiva to forgive his sin.
The temple is located in Kavi Kamboi between the shores of Bay of Cambay and the Arabian Sea. This Temple is very simple temple in terms of architecture. 4/n


Every day, during the high tide hours, the temple submerges, and when the tide level becomes normal, the temple reappears again. The Temple houses a 4 feet high Shiva lingam. The Lingam can be seen during low tide. The visit to the temple should be planned in such a way that..5/n
ALL
Advertisement
Justin Jackson
Justin Jackson
@mijustin
A lot of bootstrappers think they have a marketing problem:

"I need to get better at marketing."

But, it's more likely that you have a product problem:

"Do customers really want this? Do they care enough about this to switch to a new solution?"

☝️ this is why most of my book, @marketingdevs, is about:

1. Choosing the right market
2. Building something they want

"If your product is remarkable, getting noticed is a lot easier." – @peldi


I was reminded of this concept again this morning while reading @pjrvs' book (Company of One):

"Sales increase when you honestly evaluate what someone needs and then teach them the value of what you're selling."


To succeed, your product has to offer an outcome that is highly desirable to a large group of customers.

The number of sales your product receives is a multiple of these two variables:

1. How big is the target market?
2. How desirable is the outcome you're offering them?
STARTUPS
Zena Hitz
Zena Hitz
@zenahitz
I just finished Eric Adler's The Battle of the Classics, and wanted to say something about Joel Christiansen's review linked below. I am not sure what motivates the review (I speculate a bit below), but it gives a very misleading impression of the book. 1/x


The meat of the criticism is that the history Adler gives is insufficiently critical. Adler describes a few figures who had a great influence on how the modern US university was formed. It's certainly critical: it focuses on the social Darwinism of these figures. 2/x

Other insinuations and suggestions in the review seem wildly off the mark, distorted, or inappropriate-- for example, that the book is clickbaity (it is scholarly) or conservative (hardly) or connected to the events at the Capitol (give me a break). 3/x

The core question: in what sense is classics inherently racist? Classics is old. On Adler's account, it begins in ancient Rome and is revived in the Renaissance. Slavery (Christiansen's primary concern) is also very old. Let's say classics is an education for slaveowners. 4/x

It's worth remembering that literacy itself is elite throughout most of this history. Literacy is, then, also the education of slaveowners. We can honor oral and musical traditions without denying that literacy is, generally, good. 5/x
CULTURE
Robbie Andrew
Robbie Andrew
@robbie_andrew
I doubt there are many outside of Norway that know that the Norwegian pop group A-ha was critical in the introduction of electric car incentives in Norway. I certainly didn't. Read on...


In 1989, two members of the group, Morten Harket and Magne Furuholmen were in Switzerland with environmentalist Frederic Hauge, when they came across a hobby-converted Fiat Panda. Stated range: 45 km. They snapped it up and imported it to Norway.

Photo: In Switzerland (Bellona)


On arrival in Norway, the regs didn't accommodate the registration of electric cars so it couldn't legally be driven on the road. Since it had a propane-fuelled heater, just like a motorhome, they registered it as a motorhome.

Moreover, in contrast to petrol cars, diesel cars paid registration fees based on how far they were driven, and our heroes thought this should also apply to electric cars. So the two-seater Swiss-converted Fiat Panda was registered as a diesel motorhome in Norway.

They managed (somehow) to avoid paying the one-off registration fee in 1990, and ever since then electric cars have been exempted this now-substantial fee.
Source:
HISTORY