Friday, July 15, 2005

A little more on the Critical Detection Point

Alright, I mentioned this last post and I think it deserves a little more explanation. But I'll try to keep it brief. Check THIS out for additional information on the theory and application behind this.

Remember we discussed security efforts as deter, detect, delay, deny? And prevent, detect, respond? Well this is where the math meets the road. It goes something like this.

An attacker must complete certain tasks to successfully complete their objective, whatever that might be. You must devise a way, in advance, that thwarts their efforts. A significant part of the problem is that at some point all the prevention in the world fails to stop the attack. So there must be a response, which naturally follows a successful detection of the threat. So, assuming that an attack occurs, at what point in the attack must the detection occur in order to ensure that the response gets there in time? Garcia offers us a mathematical formula to describe this. Yes, I know that we all thought that we left math theory behind a long time ago, but here it is:
CDP = TR > TG

TR is the minimum remaining delay on the adversary path, and
TG is the guard (police) response time.
Alright, so that wasn't any simpler. Look, you just have to make sure that the attack is detected early enough that the response has enough time to stop it from being successful.

And that is the point. Where do you want to stop the attack? Before they gain access to the property? Before they gain access to the building? Or before they gain access to the safe? That's it.
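As an added example (not from the original post or from Garcia), the sketch below walks a constructed adversary path through the property, the building and the safe, and finds the critical detection point: the last place detection can happen while TR still exceeds TG. The step names, delays and sensor placement are made-up sample values, and it assumes detection happens as the adversary starts a step, so that step's delay still counts toward TR.

```python
from dataclasses import dataclass

@dataclass
class Step:
    name: str       # task the adversary must complete
    delay_s: float  # time this task costs the adversary, in seconds
    sensor: bool    # True if the adversary is detected on starting this task

# Constructed sample path: property -> building -> safe
PATH = [
    Step("climb perimeter fence", 10, True),
    Step("cross property to building", 30, False),
    Step("force building door", 60, True),
    Step("reach safe room", 20, False),
    Step("open safe", 120, True),
]

def remaining_delays(path):
    """TR at the start of each step: this step's delay plus all later ones."""
    out, total = [], 0.0
    for step in reversed(path):
        total += step.delay_s
        out.append(total)
    return list(reversed(out))

def critical_detection_point(path, t_g):
    """Return (index, TR) of the last sensored step where TR > TG, or None.

    None means no detection on this path leaves the response enough time.
    """
    cdp = None
    for i, (step, t_r) in enumerate(zip(path, remaining_delays(path))):
        if step.sensor and t_r > t_g:
            cdp = (i, t_r)
    return cdp

if __name__ == "__main__":
    for t_g in (100, 180, 300):  # assumed response times in seconds
        cdp = critical_detection_point(PATH, t_g)
        if cdp is None:
            print(f"TG={t_g}s: no timely detection; add delay or respond faster")
        else:
            i, t_r = cdp
            print(f"TG={t_g}s: CDP at '{PATH[i].name}' (TR={t_r:.0f}s)")
```

Any sensor after the reported step still raises an alarm, but the response arrives after the adversary has finished.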

Security, all security, is a function of time - I know we're back to math and I wasn't very strong in math either. But remember that although you are secure right now - most certainly because of carefully designed process but never by chance - you may not be secure in just a few minutes. Times change! New technology is introduced and diligence changes.

Here are a few concepts playing on the time function of security:

  • With unlimited time you can gain access to anything or anyplace
    • There is never unlimited time - we get old, assets move, etc.
    • With unlimited time it is possible to acquire any necessary resources
  • With unlimited resources you can gain access to anything or anyplace
    • But these are also limited - people, money, tools, etc.
  • Resources are used to reduce the amount of time needed to be successful
    • More people = overwhelming force
    • More tools = technology being defeated quicker
    • More money = more ability to acquire other resources


That's enough for now.
