How are we doing securing our treasure?
Do you have a lock on your front door? Do you have a password for your email account? People will secure their treasures based on their relative value, whether corporate assets, homes, or homeland. You secure these treasures to reduce the risk they will be taken or used without your permission.
“Security” is all about reducing risk. In the late nineties, Welke and Straub presented the four stages of the “security action cycle.” The first two stages focus on preventing loss, whereas the second two focus on minimizing loss from the intrusion. The four stages are:
- Deterrence: Taking action to dissuade a bad actor and prevent a violation.
- Protection: Implementing measures that repel the bad actor’s advance.
- Detection: Monitoring the environment to uncover the bad actor.
- Remedies: Returning to the pre-violation state, which includes containment, eradication, and recovery. Limiting the damage, seeking restitution via legal action, and repairing any damage done by the bad actor’s intrusion are included in this stage.
The risk is reduced when a company, person, or country acts early in the cycle. If you deter the bad actor, you will need less repelling, detecting, eradicating, and recovery. The earlier you stop the attack in the security action cycle, the smaller the loss. So it is important to incorporate the lessons learned in the protection, detection, and remedies stages back into the earlier stages.
Consider the example of cyber security. The security action cycle offers a solid framework for evaluating and putting context to the initiatives in a cyber security program. For example:
- Deterrence: A company may post security certifications, membership in a consortium, or recent legal action against previous bad actors on their website. Companies can deter insider issues with good policies and training.
- Protection: Firewalls, passwords, and physical barriers are all examples of protection strategies.
- Detection: Monitoring for abnormalities, known patterns, or thresholds can identify intrusions. Additionally, security guards may walk the beat to detect intrusion physically.
- Remedies: The organization must contain and eradicate the bad actor. After stopping the attacker, the company can begin cleaning up, restoring service, and seeking other remedies, including legal action.
Securing your home with locks, fences, passwords, lights, and even electronic security monitoring systems is standard fare. We will secure our perimeter without a second thought. Our barbecue grills, swing sets, lawnmowers, and deck chairs were purchased and built for our use or for the folks we allow. Keeping people out of your house and off your lawn is typical.
- Deterrence: A security system sign in the front yard, a guard dog sign on the fence, prickly bushes under the windows, and lighting work well here.
- Protection: We all know locks, fences, and those prickly bushes mentioned earlier are all protection steps. Some folks have protective dogs or security personnel.
- Detection: In the home, motion detectors, observant or nosy neighbors, cruising police, and that previously mentioned dog can detect the intrusion.
- Remedies: If the intruder uses your backyard swing, the problem will likely have little serious consequence, and remedies have less value except not to allow it to happen again. More serious events, such as a break-in burglary, require more action, including cleaning up, restoring service, and pressing charges. After such an event, some may feel insecure and solicit support and reassurance from family members that the house is safe.
Regarding the U.S. border policy, partisanship will result in flaming content. First, I believe in legal immigration and a goodly amount of it. The key to this post is that the process and rules to enter the border gates should be clear and based on the desired results in the long term. The individual will not be a bad actor if the rules are followed. However, if the rules are not followed, the individual would be a bad actor because the process and laws are not being followed. So we can use the security action cycle to minimize bad actors entering our country inappropriately. Consider:
- Deterrence: Promoting the proper process to actors desiring entry, so they do not become bad actors, is the first step. Sharing the penalty for breaching the border should disincentivize bad actors.
- Protection: In many countries, borders have natural barriers, artificial barriers, and guards to keep bad actors out. These barriers can act as deterrents as well. Interestingly, North Korea has guards to keep internal actors from leaving and/or coming into the country.
- Detection: Once someone crosses the border illegally, the country’s massive size makes detection difficult if they are not detected early. Surveillance by border guards, drones, and other technologies can aid in the detection of those breaching the border.
- Remedies: A key to any illegal activity is following through on the associated penalties. The penalties should be associated with the crime. In the case of one that breaches the border, eradication could be deportation from the U.S. Repeat offenders should receive harsher sentences than the first offender.
We can use the security action cycle to determine a company, country, or person’s performance in securing an environment in each stage. A few questions:
- How would you rate your company’s cybersecurity plan for deterrence, protection, detection, and remediation?
- How about your performance securing your castle?
- What rating would you give your country’s border security plan for deterrence, protection, detection, and remediation?
I am guessing we all have some work to do.
Until next time.
Dr. Dave