BC CYBER SECURITY
Saved by @jacobhtml

2 different frames or metaphors for #CyberSecurity

Security as a Quality Management issue thus a problem of robustness

Security as a Safety issue thus a problem of resilience

They’re fundamentally different, may even be at odds but how ?

🧵

 A Quality Management metaphor leads us down elements of testing, predictability and reliability in that we aim to be effective at dealing with predicted threats which represent a finite configuration of what our industries expect. We aim for “maintaining process integrity inside
Of known design, training and procedural parameters” (Dekker) so I prepare for a number of scenarios, ways I can foresee and threat model for and (not just operationally, but also reqs gathering, testing, training,sdlc and even threat intel) increasing the robustness of my system
All well and good, but from Complexity science we know that “robust constraints tend to fail catastrophically when design conditions are exceeded” @snowded
But this is also a cautionary tale. If you don’t have the capacity to deal with expected adverse conditions,
You have no business thinking or prioritising adaptive capacity because the “knows” can get you down and keep you there.
So until you get to the point where your robustness is sound, this is the metaphor that is most appropriate and which can be argued for economically
If and when the robustness of your system is high, meaning you have appropriate mitigations in place to the outcomes of the threat models you build for your apps and platform, then your risk profile starts to change.
The very measure you’ve put in place, which got you this far to achieve a “secure system” by industry and accepted standards, may now be exact things which will contribute to its downfall because “in safe systems the very processes that normally guarantee safety and generate
Org success can also be responsible for org demise” (Dekker) This means that the challenges you’re now likely to faced relate to the relationships & interconnections of your sociotechnical system (scarcity competition, patterns of info to decision makers, incrementalist nature
Of decisions taken over time which can cause drifts into failure, drifts into setting conditions for data breaches.
When you get here, a metaphor of Security as Safety is likely more appropriate. You’ve now dealt with the robustness of components and put in the measures which are
Expected to make you withstand the scenarios you can envision on your threat model. So now a focus on resilience becomes beneficial as you’re building systems which “are effective at meeting threats that represent infinite reconfigurations of - or ones that may lie entirely
Beyond - what the industry could anticipate” and which are “capable of maintaining process integrity well outside the design base or outside training or procedural provisions”

You’re now building for resilience and sustained adaptive capacity

“But can I do both?” You ask
The building of robustness benefits from processes of analysis (breaking things out to smaller parts and secure them to build them back up) while resilience benefits from processes of synthesis (role on the wider system and function within it)
So while you perform both types of assessments, a focus on resilience where there’s limited robustness is of little value. A small punch can knock you down and keep you there. So I would advocate building robustness first as the focus of transition/transformation, potentially
Being attentive to affordances and constraints to identify opportunities for improvement.

Remember that sources of resilience in orgs are in our people. They’re the ones dealing with the variability our systems and automation can’t handle, so applying principles of learning
From incidents, and understanding what our teams were surprised by, and namely any “fundamental surprises” (where their models the system were or what’s possible were challenged or took apart) are learning opportunities that should never go to waste
@threadreaderapp unroll

You May Also Like

Vibhu Vashisth
Vibhu Vashisth
@VIBHU_Tweet
शमशान में जब महर्षि दधीचि के मांसपिंड का दाह संस्कार हो रहा था तो उनकी पत्नी अपने पति का वियोग सहन नहीं कर पायी और पास में ही स्थित विशाल पीपल वृक्ष के कोटर में अपने तीन वर्ष के बालक को रख के स्वयं चिता पे बैठ कर सती हो गयी ।इस प्रकार ऋषी दधीचि और उनकी पत्नी की मुक्ति हो गयी।


परन्तु पीपल के कोटर में रखा बालक भूख प्यास से तड़पने लगा। जब कुछ नहीं मिला तो वो कोटर में पड़े पीपल के गोदों (फल) को खाकर बड़ा होने लगा। कालान्तर में पीपल के फलों और पत्तों को खाकर बालक का जीवन किसी प्रकार सुरक्षित रहा।

एक दिन देवर्षि नारद वहां से गुजर रहे थे ।नारद ने पीपल के कोटर में बालक को देख कर उसका परिचय मांगा -
नारद बोले - बालक तुम कौन हो?
बालक - यही तो मैं भी जानना चहता हूँ ।
नारद - तुम्हारे जनक कौन हैं?
बालक - यही तो मैं भी जानना चाहता हूँ ।

तब नारद ने आँखें बन्द कर ध्यान लगाया ।


तत्पश्चात आश्चर्यचकित हो कर बालक को बताया कि 'हे बालक! तुम महान दानी महर्षि दधीचि के पुत्र हो । तुम्हारे पिता की अस्थियों का वज्रास्त्र बनाकर ही देवताओं ने असुरों पर विजय पायी थी।तुम्हारे पिता की मृत्यु मात्र 31 वर्ष की वय में ही हो गयी थी'।

बालक - मेरे पिता की अकाल मृत्यु का क्या कारण था?
नारद - तुम्हारे पिता पर शनिदेव की महादशा थी।
बालक - मेरे उपर आयी विपत्ति का कारण क्या था?
नारद - शनिदेव की महादशा।
इतना बताकर देवर्षि नारद ने पीपल के पत्तों और गोदों को खाकर बड़े हुए उस बालक का नाम पिप्पलाद रखा और उसे दीक्षित किया।
ALL
Elon Musk\u2019s Meme \U0001f171\ufe0fot
Elon Musk’s Meme 🅱️ot...
@theMemesBot
Thats a gg, Satan
FUN
Advertisement
Suhas S. Hardutt
Suhas S. Hardutt
@HarduttSuhas
Marvels of Medical Science in Ancient India

ACHARYA SUSHRUTA and SUSHRUTA SAMHITA

Ancient Indians were pioneers in diverse fields of study and their genius was centuries ahead of their times. Feel the glory, basking in pride of their unparalleled achievements.

(Thread)


Sushruta (circa 7th or 6th century BC) was a surgeon who in present times is known as the “father of Indian medicine” and “father of plastic surgery” for inventing and developing surgical procedures. He lived in Kashi on the banks of river Ganga.(1)

His work documented in the Sushruta Samhita (compendium) is one of the oldest texts in the world on plastic surgery and regarded as one of the trilogies of Ayurveda. The other 2 being the Charaka Samhita and Astanga Hridaya.(2)

Sushruta compiled the Sushruta Samhita as an instruction manual for physicians to treat patients.(3)

The Samhita caters to surgical techniques listing over 300 surgical procedures and 120 surgical instruments. Additionally to 1,120 diseases, injuries and their treatments with over 700 medicinal herbs and their application.(4)
RELIGION
Pieter Levels \u2728
Pieter Levels ✨
@levelsio
Joe Rogan's podcast is now is listened to 1.5+ billion times per year at around $50-100M/year revenue.

Independent and 100% owned by Joe, no networks, no middle men and a 100M+ people audience.

👏

https://t.co/RywAiBxA3s

Joe is the #1 / #2 podcast (depends per week) of all podcasts

120 million plays per month source https://t.co/k7L1LfDdcM


https://t.co/aGcYnVDpMu
MAKERS
Brian Cates
Brian Cates
@drawandstrike
A lot of people don't understand that Trump & his incoming team didn't face a normal transition period, like it was over a in a matter of a few weeks or months.

The DOJ transition period JUST ENDED when Sessions left. Almost 2 exact years to get it there.

Pompeo at the CIA took over a year before he was done and ready to shift over to the State Department.

All kinds of stuff has been going on behind the scenes nobody leaks or talks about.

We only had the barest mention of the fact the Clinton Email investigation restarted

Nobody leaked in a year that Huber was deep diving into the Clinton Foundation.
Keep that in mind as all the usual suspects continue to INSIST nothing is happening/going to happen.
POLITICS