Tuesday, 5 May 2009

Identifying The Security Needs In A Corporate Environment

Determining your security needs requires an analytical dissection of your existing framework, which in turn drives the development of a robust security structure. Developing this structure calls for a comprehensive, methodical analysis grounded in an in-depth understanding of the organisational structure. The initial prognosis has to be a fine-tooth-comb disassembly of existing structures, with critical appraisals used to determine the initial macro security tasks. It takes a critical approach to structure a concise security plan.

In Nigeria, there is a lackadaisical approach to the concept of prevention. The notion of protecting critical assets and preventing imminent threats to them is non-existent. Most security structures are designed or commissioned in response to related incidents. In other words, security is only put in place after the incident or threat occurs. So whatever is developed is done in haste and lacks the analytical approach needed to keep such incidents or breaches from recurring.

Very few security structures are products of comprehensive analysis, as most are developed on an ad hoc basis and are lopsided. There is also the mediocre thought that security is not necessary when there is no impending compromise, more so when the cost of implementation seems expensive. So one is left to wonder how people invest so much in physical structures and human resources without any thought of safeguarding these structures and resources, which must have cost colossal sums.

The aim of any security analysis is to identify security exposures in a methodical and thorough manner, so that whatever security initiative is contemplated will be based on a critical, broad analysis and not simply on the occurrence of the last security breach. The analysis ensures that specific mitigating concepts are directed appropriately at the precise needs.

The goal, however, is not to develop a foolproof security plan. The goal, instead, is to make the intended breach difficult and not necessarily impossible. The level of difficulty for the breach would depend on the robustness of the security put in place, with consideration given to the value of the asset and the organisation's tolerance for risk. The underlying concept is that an asset cannot be protected completely without absorbing some costs and inhibiting some operational endeavours.

Understanding the Security Analysis

The security analysis process is divided into five phases: Asset Definition; Threat Assessment; Vulnerability Analysis; Security Countermeasures; and Implementation.

Asset Definition
Asset definition begins with a broad understanding of the organisation's operations, its tasks, functions and its operating environment. Often, intangible assets are the most significant and are only discernible by examining the organisation's operations in depth. In effect, this step defines targets for attack.

Threat Assessment
A comprehensive security plan requires a critical identification of the threats. All areas of exposure have to be identified and considered. The assessment will identify all areas that are vulnerable. Threats that are unique to the organisation are identified and processed. Consideration also has to be given to threats that may not have occurred yet but are applicable because of the nature of the organisation or business.

Vulnerability Analysis
Security countermeasures represent obstacles in the path of an imminent threat. The objective is to make the event less likely to occur by making it very difficult for a would-be perpetrator to accomplish his or her deed. Before introducing the obstacles, however, the processes must be defined. This exercise highlights points of vulnerability and provides a framework for the selection of various security countermeasures.

Security Countermeasures
Just as a patient may be harmed by improper medication, an organisation's security posture may be weakened, if not compromised, by improper application of security countermeasures. The exercise is more art than science, requiring a collaborative effort of management and security staff to arrive at a program consistent with an organisation's needs. Security countermeasures can include electronic security systems, physical barriers, security personnel, policies and procedures.

Policies state management's position and philosophy on business issues and practices. Procedures define the means for implementing the policy. This is a critical part of a security program. It defines programs and processes that are essential for security mechanisms to be effective.

Implementation
In this phase, recommendations are transformed into specifications for people, systems and policies. The objective is to translate the security plan into procedures, organisational programs and processes. Equipment is purchased and deployed. All resulting processes are orchestrated to complement and support each other. In the aftermath, a robust, indispensable security solution is in place, backed by the necessary security initiative.
