A model for security and security practices

Every other day we are hearing about new attacks, not with the guns and bullets but the brains and computers. Yes, if we see the statistics from 2001 – 2017, cyber-crimes have caused much more damage than any insurgents. Every organisation today has their most precious data stored digitally which makes it more vulnerable to the attackers. Unlike the traditional security measures, we use fences to keep the intruders out of the lawn, digital security requires much more than just a fence (digitally).

Rethinking security

With the ever-rising development in the technologies and the ever-increasing data, the data security is an endless game. The most immediate threat now to the cyber-security is ransomware, where the attackers encrypt the company’s data making it inaccessible to them and then demanding for ransoms for the data or sell in the black market. Data has now become the most expensive asset, it even precedes gold by a number of billions. The most recent cyber-attacks of 2017-2018 in the US have caused a damage of more than 100 Billion USD and it was just the data.
Cyber-attacks started from Trojans, Manipulators and many other and this is for sure that ransomware won’t be the last, there are always more pernicious and innovative threats developing and we don’t know when they could hit us. We must be prepared.

Security models

We require models for enhancing and keeping on our security measures. These models allow to check, the response, detection and prevention of the threats and all work in a constant loop. We need to put in efforts in order to develop proper models as per the organisation’s requirements and keep them updated. A simple model can be made just by self-analysing the questions below.

• Are the things being done in the right way?
• Are things done right?
• Are the things getting done well?
• Are there benefits?

Analysis of all these points helps to track and keep a check on the performance over time which also helps which aspect require the most security and where we are lacking. It determines the most vicious and integral part of the work structure. This way over time we can evolve and adapt new methodologies for work which would be more efficient as secure.

This method of developing models leads towards what is known as “defence in depth”. Here further various mechanisms are used such as threat modelling, secure coding and penetration testing. This will also implement the criteria and structure that everyone at each level in the organisation is responsible for the security. Further, this will also help in setting up the security cycle which is

• Prevention
  
• Detection
• Response
• Recovery

These are the four basic principles regarded as a cycle and can be used to determining, reviewing and monitoring the changes in the structure and working strategies.

No silver bullets
Concluding this, we have to understand that re-framing the whole structure and implanting the measured may sound like a great idea, but in an established organisation this is no easy feat. We need to study the working structure on depth, trace out the most vulnerable zones and then implement strategies. There are no silver bullets and patches that could wipe out or stop the intruding vampires from entering.