The Fallacy of Despair: Why your security breach is not inevitable!

The Fallacy of Despair: Why your security breach is not inevitable!

There is a growing sentiment within the business community that a security breach affecting their company is inevitable. This is perpetuated by security professionals and providers or services and products who reinforce this mythos with statements resembling:

“It’s not if your company is going to be breached but when your company is going to be breached.”

We do not subscribe to this philosophy of fear; this fallacy of despair. We do not accept the inevitability of anything even death because we are convinced that science will fix that unfortunate end. All that being said, it should come as no surprise that of course we do not agree that your security breach needs to be inevitable.

The Fallacy of Fear

Fear is the creeping, crawling, insidious splinter of doubt germinating in your mind that compels you to react at times irrationally. Fear is a management tool to control the many or the one. Fear requires two opposing forces to synchronize.

Codependency has been defined as the addiction to people, behaviors or things. Codependency is the fallacy of trying to control interior feelings by controlling people, things and events externally*. The fallacy of despair is that there is nothing we can do to stop a bad thing from occurring.

Keep in mind that reactive cyber security firms want you to fear the unknown, the possibility that your company will be inevitably breached. It is in their business model’s best interest to keep your corporation codependent. They would not be in business if breaches were prevented.

While we have a moment of clarity without fear, consider that a security breach is comprised of. On one side of the equation you have an entity who desires access to your organization for some malicious purpose. On your side of this equation you do not want to allow this to happen; so don’t allow this to happen!

Do not volunteer to be a victim.

If a technologist creates something and another technologist can break that something, don’t you think it is safe to say that another technologist could identify the problem first and prevent the intrusion? Do not submit to this fallacy of despair!

In the cyber security realm there are only two forms of security; Proactive Cyber Security and Reactive Cyber Security. Reactive cyber security is all about cleaning up the mess post-breach. Proactive cyber security is all about preventing the mess from ever occurring.

The best and only thing that a company can do to remain ahead of threats by being proactive in the appropriate implementation of Governance, Technology and Vigilance (AKA The Security Trifecta). When about 96% of all breaches are avoidable through the application of simple and intermediate level controls, it is absolutely within your power to protect your company. Let me show you the way; away from this fallacy of despair philosophy.

Lazarus Alliance is Proactive Cyber Security.

*Wang, Charles R. Profound States of Despair: A Developmental and Systems Approach to Treating Emptiness. Boca Raton, FL: Universal, 2009. Print.

Impressum

IMPRESSUM STATEMENT

Lazarus Alliance is Proactive Cyber Security Service Marks

CONTACT AND REGULATORY INFORMATION

Impressum Statement: Founded in 2000, Lazarus Alliance has been passionately on the cutting edge of IT security, risk, privacy, governance, cyberspace law and compliance leadership, innovation and services provided to the global community. With significant contributions and innovations such as the IT Audit Machine, The Policy Machine, Cybervisor, ContinuumGRC, SafetyNET, the Holistic Operational Readiness Security Evaluation (HORSE Project), The The Security Trifecta, Your Personal CXO and other progressive initiatives helping companies eliminate nearly 96% of all cyber security risks, it’s no wonder that Lazarus Alliance has become a leading international name synonymous with incorruptible leadership, meaningful services, exceptional customer support and tangible innovations all specifically to prevent negative press and damage to your company, shareholders, employees and customers.

Lazarus Alliance’s primary purpose is to help organizations attain, maintain, and demonstrate compliance and information security excellence, in any jurisdiction. Lazarus Alliance specializes in IT security, risk, privacy, governance, cyberspace law and compliance leadership solutions and is fully dedicated to global success in these disciplines. Contact us and learn more about Lazarus Alliance and why Lazarus Alliance is Proactive Cyber Security™!

Lazarus Alliance is a proud veteran owned business.

Lazarus Alliance is a private stock corporation under United States law with headquarters in Phoenix Arizona, United States.
Chairman of the Supervisory Board: Michael D. Peters
Chairman of the Board of Management: Michael D. Peters

Board of Management:
Michael D. Peters
Louise Candelaria

Lazarus Alliance, Inc.
4980 S. Alma School Road
Suite A2279
Chandler, AZ 85248

Phone: 1-888-896-7580
Fax: 1-480-272-8846
Email: legal@lazarusalliance.com
Internet: http://lazarusalliance.com

The Security Trifecta™: an introduction.

I was reading a news article this morning about another security debacle at NASA involving the theft of a laptop containing the command and control codes for some high-tech toys like the International Space Station. The thing that amazed me the most was not that NASA would be a high value target, but that this laptop apparently was not encrypted. Seriously? Something that is considered entry level to security professionals is apparently only deployed to about 1% of all NASA computing devices, including mobile devices.

The Security Trifecta only from Lazarus AllianceFirst off, I do have sympathy for NASA and it’s dwindling congressional budget, however, two things are painfully evident and not excusable. First, there is great open source disk encryption available so budgetary excuses do not hold water. Second, this is not cutting edge technology and a few years ago, when the economy was good and the budgets were fat, this was never accomplished. The current, and at a minimum, the preceding NASA CISO’s should be dismissed in shame and given Darwin awards for incompetence. I don’t need to name you two boobs (no offense to actual breasts meant) because everyone can just Google NASA CISO to find out who you are, where you came from and where you went. This would not have happened on my watch.

In my second book, Governance Documentation and Information Technology Security Policies Demystified, I introduce you to a concept I call The Security Trifecta™. Security does not have to be complicated. I have spent my career within information security demystifying what for some is a like understanding a foreign language. The fact of the matter is that by taking three well defined pragmatic steps, we raise the bar and achieve success; governance documentation, technological enforcement and vigilant teamwork working together to promote security.

The Security Trifecta in brief:

  • Governance Documentation: The foundation for what we do is based upon the written word. We collectively, collaboratively, cooperatively establish standards that are based upon philosophy, legal requirements, best practices, and regulatory demands.
  • Technological Enforcement: When governance documentation has been established, we set about implementing and enforcing those standards as much as possible through the usage of technology. Some technology implementations allow for the end user to exercise greater choice and control, whereas others strictly enforce our standards taking the human choice element out of the mixture.
  • Vigilant Teamwork: The reality is that nothing works very well without teamwork. Controls and standards break down without careful tending just like weeds take over our gardens without vigilance. We must regularly review our security standards validating their relevancy and we will remain agile to adapt to the changing business landscape putting into practice carefully considered revisions to our ongoing security program.

The Security Trifecta is an effective and logical approach to information security I developed over the course of my career. The interesting thing is that the conceptual approach may also be applied to any other business process making it formidable to say the least.

Lazarus Alliance is Proactive Cyber Security™