Chris Mark in July 2014 of TransactionWorld (Proximate Reality) July 1, 2014
Posted by Chris Mark in cybersecurity.Tags: adaptive, Breach, Chris Mark, cyber, decision science, proximate reality, security, threats
trackback
July’s issue of TransactionWorld Magazine was just released. Click here to read my latest article, “Understanding Proximate Reality to Improve Security” Here is a preview..
“Various reports are published annually that analyze data breaches, opine on the root causes of the data theft and frequently ascribe blame to one party or another. It always invites scrutiny when a well-known security firm or analyst makes a definitive statement such as “X% of breaches could have been prevented through the implementation of basic controls, such as patching.”
This position is not only inconsistent with accepted risk management practices, but also confuses the basic concepts of correlation and causation while ignoring the very human element of adaptation. Unfortunately, companies that subscribe to these simplistic views of the industry and threats are exposing themselves to very real dangers. As supported by the increasing number of breaches identified each year, information security is no longer a domain for amateurs and requires the application of lessons learned from domains such as intelligence, anti-terrorism, and decision science to make effective decisions.
Two important concepts borrowed from the intelligence and anti-terrorism domains can be used to help CSOs and others make relevant decisions related to their risk posture and other aspects of data security. These concepts are known as Proximate Reality and Adaptive Threats.” Read More!
Global Security, Privacy, & Risk Management 
Reblogged this on SECURITY H.O.G and commented:
Latest TW Article
[…] are critical to understand. Rational Actor Model, Deterrence Theory, Escalation of Force Cycle, Proximate Reality, Defense Cycle, Causality, and Risk, are but a few of the concepts that underpin all security […]