Threat and vulnerability management:
Taking away the complexity
One of the oldest human skills
Security of any sort is a very old concept, understood by all of us who are exposed to the physical world. Because threat and vulnerability management is one of the oldest human skills, regulators of cyber-security systems can appeal to common sense to steer expert and casual users through complexity, making them conscious of system threats and vulnerabilities.
https://www.ulysses-systems.com/blog/a-way-of-looking-at-the-future-of-ai/
Casual users such as elderly people, and more distanced stakeholders of complex systems such as investors in cargo ships, hotels, cruise ships and factories, can manage cybersecurity by keeping simple notions of in mind. Simple is not simplistic, because simple notions serve these same people in more complex subjects like geopolitics and war, not least because understanding geopolitics and wars is, like threats and vulnerabilities, among the oldest human skills, for those interested of course.
https://www.ulysses-systems.com/it-in-the-maritime-industry/
Separation of concerns
So, to make cybersecurity understandable, we need to remove unnecessary jargon and segmentations and, instead, separate the concerns, that is, separate the concerns which support understanding. Separation of concerns is our customary tool for understanding situations and involves breaking down complex situations into more understandable ones. The most useful separation of concerns, therefore, may not be one based on a breakdown into best practices or sectoral systems, nor on a breakdown into architectural variations of systems or other common breakdowns.
The most useful separation of concerns
The most useful separation of concerns in cybersecurity threat and vulnerability management shows that these concerns may be organized into a very modest and manageable number of themes:
the goals of intruders compared to the obstacles
the reward gained by intrusion compared to the intrusion effort
the paths of intrusion from entry to the final reward from the intrusion
Discussions about guidelines, best practices, business sectors, system architecture, software, hardware, actors, skills, authentication, severity of risk, legislation, past legislation and much more are all organised by the above themes, which are intuitively understood. Retaining high-level themes is far easier than keeping in mind a myriad of points of interest.
Casual and distanced cybersecurity stakeholders make sense of the complexity
Therefore, to organise those more detailed cybersecurity concerns, and so as to avoid becoming confused by numerous and perhaps unclearly organised and unfamiliar concepts beyond their level of IT specialisation, it is essential for the more distanced stakeholders to have the appropriate themes in mind.
In so doing, casual and distanced cybersecurity stakeholders are far more likely to make sense of the complexity. Moreover, they will make the appropriate efforts to protect their interests and those of others they affect.
Ulysses Systems is a specialist in maritime software. It manages on board and shoreside information at the time of need and performance support of staff. Ulysses Systems pioneers methods for fast development of new annexes to existing software, and methods of monitoring underlying systems for compliance.