I lived on a farm in the countryside where we never locked
the doors. The house was up a 1km track and we were already living where the
crows turn back. Locking the doors seemed a waste of time. Over 2 years there
was never an incident. It was the wind that blew off the roof in a February storm.
We had to move for months while it was repaired.
One risk was covered by our knowledge of the area and the
other was covered by a contract with the landlord. Keeping all our stuff intact
was very important to us and so was having a warm dry house.
Information Security bases all its efforts to protect data on a
triad of targets: the Confidentiality, Integrity and Availability
of information. Systems are analysed for their ability to provide
the desired combination for each process within them.
Each organisation will decide on the different combinations.
Within a business, sub-divisions will have their own versions of the
combinations. The requirements depend on the value of the item being
protected and on the means available to lower the risk of not being able to
continue operating.
There are formulas and frameworks to help with these
decisions, but my farmhouse experience shows they can be judgements made on the
ground. The common driving factors, I believe, are the commitment to protect
value and compliance with the laws and regulations.
The trick, as in most things, is achieving efficiency in
outcomes. To keep an item safe, the protection should be as little as needed and
as strong as it should be.