SlideShare a Scribd company logo

Framework for Security: Security in the Community Context

Download as PPT, PDF
Jere Peltonen
Jere Peltonen

Presentation at the ASIS International European Security Conference 2006 in Nice, France. Framework explains what security is and why it is needed. The original presentation includes animation that is not functional in this SlideShare version. Unfortunately, some slides are therefore blurred. Please, get the original presentation from www.yhteisturvallisuus.net -> materiaali -> Security in the Community Context SCC.pps.

1 of 56
EUROPEAN SECURITY CONFERENCE 24 April 2006 Nice, France Security in the Community Context Jere Peltonen Diplomatic Security Adviser Ministry for Foreign Affairs of Finland 1
What is Security? % 2
What is Security? Merriam-Webster Online Dictionary 1 : the quality or state of being secure : as a : freedom from danger : SAFETY b : freedom from fear or anxiety c : freedom from the prospect of being laid off <job security> 2 a : something given, deposited, or pledged to make certain the fulfillment of an obligation b : SURETY 3 : an evidence of debt or of ownership (as a stock certificate or bond) 4 a : something that secures : PROTECTION b (1) : measures taken to guard against espionage or sabotage, crime, attack, or escape (2) : an organization or department whose task is security 3
What is Security? Merriam-Webster Online Dictionary 1 : the quality or state of being secure : as a : freedom from danger : SAFETY b : freedom from fear or anxiety c : freedom from the prospect of being laid off <job security> 4
What is Security? Merriam-Webster Online Dictionary 1 : the quality or state of being secure : as a : freedom from danger : SAFETY b : freedom from fear or anxiety c : freedom from the prospect of being laid off <job security> freedom from DANGER 5
What is Security? Merriam-Webster Online Dictionary 1 : the quality or state of being secure : as a : freedom from danger : SAFETY b : freedom from fear or anxiety c : freedom from the prospect of being laid off <job security> freedom from DANGER freedom from FEAR or ANXIETY 6
What is Security? freedom from DANGER freedom from FEAR or ANXIETY in operational context become: 7
What is Security? freedom from DANGER freedom from FEAR or ANXIETY in operational context become: freedom from impact of actual threats freedom from feeling unsure because of perceived threats 8
What is Security? These should not be seen as purely alternative explanations of security. freedom from impact of actual threats freedom from feeling unsure because of perceived threats 9
What is Security? These should not be seen as purely alternative explanations of security. Security should be understood as being combination of both. freedom from impact of actual threats freedom from feeling unsure because of perceived threats 10
What is Security? freedom from impact of actual threats freedom from feeling unsure because of perceived threats In theory and in practice, concept of security should not be limited to “security”, i.e. traditional security manager's area of expertise Security should be understood as covering all threats to operation, e.g. traditional business risks fall in the definition of security also 11
What is Security? In theory and in practice, concept of security should not be limited to “security”, i.e. traditional security manager's area of expertise Security should be understood as covering all threats to operation, e.g. traditional business risks fall in the definition of security also This helps to see (and manage) everything that can affect the operation‟s success in one coordinated way This clearly makes security the issue of the Chief Executive Officer (or equivalent) 12
What is Security? This helps to see (and manage) everything that can affect the operation‟s success in one coordinated way This clearly makes security the issue of the Chief Executive Officer (or equivalent) In practice, CEO needs to use experts in different „areas‟ of threat countermeasures and risk management (e.g. traditional “security”, business risks, information security, legal aspects) 13
What is Security? freedom from impact of actual threats freedom from feeling unsure because of perceived threats 14
What is Security? freedom from impact of actual threats freedom from feeling unsure because of perceived threats Sureness about realization of expected future, based on sufficiently realistic interpretation of relevant factors. 15
What is Security? freedom from impact of actual threats freedom from feeling unsure because of perceived threats Sureness about realization of expected future, based on sufficiently realistic interpretation of relevant factors. 16
What is Security? freedom from impact of actual threats freedom from feeling unsure because of perceived threats Sureness about realization of expected future, based on sufficiently realistic interpretation of relevant factors. 17
What is Security? freedom from impact of actual threats freedom from feeling unsure because of perceived threats Sureness about realization of expected future, based on sufficiently realistic interpretation of relevant factors. 18
What is Security? freedom from impact of actual threats freedom from feeling unsure because of perceived threats Sureness about realization of expected future, based on sufficiently realistic interpretation of relevant factors. 19
What is Security? Sureness about realization of expected future, based on sufficiently realistic interpretation of relevant factors. ACTUAL SURENESS SECURITY = RISKLESSNESS + 20
What is Security? Sureness about realization of expected future, based on sufficiently realistic interpretation of relevant factors. ACTUAL SURENESS SECURITY = RISKLESSNESS + 21
What is Security? Sureness about realization of expected future, based on sufficiently realistic interpretation of relevant factors. ACTUAL SURENESS SECURITY = RISKLESSNESS + 22
Security in the Community Context - Why? • The starting point for the successful management of security (or anything else) is the comprehension of basic factors, i.e. relevant fundamentals. • This is essential for the successful management of broader complexes that adapts to different environments and changing circumstances. • “Security in the Community Context” is a model of relevant factors and their relationships. • It is a model of the concept of security (on a general level). 23
Security in the Community Context - Why? • “Security in the Community Context” is a model of relevant factors and their relationships. • The model can be applied to any traditional area of expertise that is somehow related to threats to or risks of operation. • As a general level model, ”Security in the Community Context” binds these areas together. 24
What is Community? • Group of individual people who interact • Community is held together by common goal(s) supposedly serving satisfaction of individual needs, i.e. • Community is held together by individual perceptions of usefulness of the common goal(s) 25
In order words, community is of Individual persons have own heldtheir other to achieve their needs together by individual perceptions of goals, individual persons join forces. own. They want/expect the needs to be satisfied. the common goal(s). usefulness of Common goal(s) ”Let’s do something together Community is held together by that helps us achieve our common goal(s) supposedly serving Very often persons cannot achieve personal goals!” satisfaction of goals by needs. their individualindividual themselves alone. Individual need: Individual need: Individual need: 26 wants to be rich wants to have good life wants to be the best
It order to achieve common goal(s), specific ‟tools‟ are Inis important that individual members of community understand sufficient levels operational elements in needed, i.e. the relevance of of operational elements are achieving common goal(s), and in needed for successful operation. turn personal goals. Operational Elements are: •Assets •Processes •Operational Structures •Operational Environment 27
Assets • All tangible and intangible assets form an element, which is required by the operation in order to reach the goal(s). • Examples of assets: Input needed to maintain • money, tools, people, information, co sufficient level of assets mmunication channels, reputation, etc. Extra input needed to establish sufficient level of assets • In a way, assets are like pieces of puzzle, i.e. basic ingredients needed to create the whole of the operation. 28
Processes • Series of actions, an element, which is required by the operation in order to reach the goal(s). • Examples of processes: Input needed to maintain • logistical processes, information sufficient level of processes management, raw material processing, assembly line Extra input needed to establish manufacturing, staff recruiting, etc. sufficient level of processes • Processes are means to bind assets - the pieces of puzzle - together as a whole that contributes 29 to the operation.
Operational structures • Structures of community relating to the utilization of assets and processes. • Successful operation requires existing structures to be functional. • Intentionally and unintentionally formed official and unofficial relationships and arrangements between individual Input needed to maintain persons, groups, and operational units. sufficient level of structures • Examples of operational structures: Extra input needed to establish • official organizational hierarchy, informal sufficient level of structures social hierarchy, interdependencies, responsibili ty and duty arrangements, etc. • Operational structures are the base30 on which the puzzle can be assembled.
Operational environment • Element, which cannot directly be influenced by the input of participants but is required for the operation to be successful. • From the standpoint of operation, operational environment is an external element. • Operational environment is an element, which can possibly be chosen, and it may be possible to prepare for the changes and their impacts. Some measures can possibly protect the operational environment against threats. • Examples of operational environment: • political and economic stability, specific weather conditions, adequate traffic connections, functional communications infrastructure, etc. • It is not possible to assemble a puzzle in31 a dark room.
Input • Sufficient levels of assets, processes and operational structures are established and maintained by input from participants (=members of community). • Without sufficient input operational elements cannot be acquired/created or properly utilized. • Input is also required to acquire/create Input needed to maintain and properly utilize measures against sufficient level of elements threats. Extra input needed to establish • In order to contribute input, participants sufficient level of elements need to feel sure about the outcome of the operation (=common goal(s)). • Examples of input: • money, work 32 contribution, knowledge, etc.
Participants All those who 1. have expectations regarding outcome of the operation, 2. have given or are giving input for the operation, 3. who are able in some way to alter the level of their input if wanted. • Examples of participants: • investors, employees, executives, cu stomers, citizens, companies, etc. • The practical scope of community can vary a 33 lot, depending on the goal(s), so can the types of participants.
Operation The utilization of operational elements in order to reach goal(s). 34
Output Successful utilization of operational elements creates output, which satisfies the expectations of participants regarding the output of operation, and in turn satisfies their personal needs. This also creates confidence in the usefulness of the operational elements. 35
Operational Elements Assets, processes, operational structures and operational environment are called operational elements. 36
Threats Something that may have negative influence on operation by causing damage to the operational elements, or by some other way hindering or preventing the successful utilization of the operational elements. Participants make their own interpretations of threats. Interpretations are not necessarily correct. 37
Threats Something that may have negative influence on operation by causing damage to the operational elements, or by some other way hindering or preventing the successful utilization of the operational elements. Participants make their own interpretations of threats. Interpretations are not necessarily correct. 38
Threats Something that may have negative influence on operation by causing damage to the operational elements, or by some other way hindering or preventing the successful utilization of the operational elements. Participants make their own interpretations of threats. Interpretations are not necessarily correct. 39
Sureness X X X X X X Participants need to feel sure about the realization of expected output in order to give input for the operation. Sureness is positive feeling about the realization of wanted future. It is not connected to the actual realization of expectations as such but is based on subjective impressions regarding realization. 40
Sureness lack of sufficient SURENESS lack of sufficient (NO COMMUNITY) INPUT NO OPERATION 41
Sureness At the end of the day: It was NOT the actual threat that killed operation, It was the lack of sufficient sureness! 42
Measures Measures are actions and means aimed at 1) protecting operational elements against threats, or 2) establishing and maintaining level of preparedness to carry on operation in case of realized threat consequences. Measures are also needed to fix vulnerabilities. Effective measures reduce risks. Participants make their own interpretations of measures. 43 Interpretations are not necessarily
Measures Measures are actions and means aimed at 1) protecting operational elements against threats, or 2) establishing and maintaining level of preparedness to carry on operation in case of realized threat consequences. Measures are also needed to fix vulnerabilities. Effective measures reduce risks. Participants make their own interpretations of measures. 44 Interpretations are not necessarily
Vulnerabilities Weaknesses or breaches, which hinder the protection of the operational elements with measures, or harm the preparedness to carry on operation in case of realized threat consequences. Vulnerabilities are well described by saying "chain is as strong as its weakest link". Vulnerabilities can be fixed by measures. Participants make their own interpretations of vulnerabilities. Interpretations are not necessarily correct. 45
Vulnerabilities Weaknesses or breaches, which hinder the protection of the operational elements with measures, or harm the preparedness to carry on operation in case of realized threat consequences. Vulnerabilities are well described by saying "chain is as strong as its weakest link". Vulnerabilities can be fixed by measures. Participants make their own interpretations of vulnerabilities. Interpretations are not necessarily correct. 46
Risk % Risk is used as means to measure the operational relevance of threat. In a way, risk is used as threat indicator, with information about the possibility and influence of the negative impact. Risk can be defined as potential % harmful outcome, whose harmfulness and level of possibility are 'known'. Risk is needed as a tool in order to be able to deal with the uncertainty of the future in appropriate way in the operational 47 context.
Measures Measures are actions and means aimed at 1) protecting operational elements against threats, or 2) establishing and maintaining level of preparedness to carry on operation in case of realized threat consequences. % Effective measures reduce risks. Preparedness, created from input by specific measure(s) ”Stored input” 48
Measures Measures are actions and means aimed at 1) protecting operational elements against threats, or 2) establishing and maintaining level of preparedness to carry on operation in case of realized threat consequences. % Effective measures reduce risks. Preparedness, created from input by specific measures ”Stored input” 49
Security in the Community Context Both 1) the realization of risks (=impact of threats), and 2) the input decisions based on incorrect interpretations regarding all relevant factors % ALONE can prevent or hinder the community from fulfilling its purpose, in other words, the operation succeeding. 50
Security in the Community Context Therefore, it is equally important to manage 1) the actual risks, and 2) the subjective interpretations made of them by the individual participants % of the community. 51
Risk Management Actions and means aimed at actually minimizing the impact of threats to operation. % 52
Sureness Management Actions and means aimed at establishing and maintaining sureness of participants based on as realistic interpretation of relevant factors as possible. 53
Security Management Security management is: 1) risk management, and 2) sureness management. % 54
DEFINITIONS Security Sureness about realization of expected future, based on sufficiently realistic interpretation of relevant factors. Security in the Community Context % Sureness of participants about realization of expected future, based on sufficiently realistic interpretation of relevant factors and weighted by the significance and alteration sensitivity of individual inputs. 55
Additional information can be found online at yhteisturvallisuus.net or ysecurity.net (→ English) % jere.peltonen@formin.fi QUESTIONS? 56

Recommended

Measurement, Qualitative vs Quantitative Methods, and other Cool Stuff
Measurement, Qualitative vs Quantitative Methods, and other Cool StuffMeasurement, Qualitative vs Quantitative Methods, and other Cool Stuff
Measurement, Qualitative vs Quantitative Methods, and other Cool Stuff
Patrick Florer
 
Measurement, Quantitative vs. Qualitative and Other Cool Stuff
Measurement, Quantitative vs. Qualitative and Other Cool StuffMeasurement, Quantitative vs. Qualitative and Other Cool Stuff
Measurement, Quantitative vs. Qualitative and Other Cool Stuff
Jody Keyser
 
Cyber defense: Understanding and Combating the Threat
Cyber defense: Understanding and Combating the ThreatCyber defense: Understanding and Combating the Threat
Cyber defense: Understanding and Combating the Threat
IBM Government
 
Insights on it risks cyber attacks
Insights on it risks cyber attacksInsights on it risks cyber attacks
Insights on it risks cyber attacks
Vladimir Matviychuk
 
The Physical Security_&_Risk_Management_book
The Physical Security_&_Risk_Management_bookThe Physical Security_&_Risk_Management_book
The Physical Security_&_Risk_Management_book
JAMES E. McDONALD, PSNA
 
Responding to and recovering from sophisticated security attacks
Responding to and recovering from sophisticated security attacksResponding to and recovering from sophisticated security attacks
Responding to and recovering from sophisticated security attacks
IBM
 
Dod IA Pen Testing Brief
Dod IA Pen Testing BriefDod IA Pen Testing Brief
Dod IA Pen Testing Brief
David McGuire
 
The difference between the Reality and Feeling of Security
The difference between the Reality and Feeling of SecurityThe difference between the Reality and Feeling of Security
The difference between the Reality and Feeling of Security
Anup Narayanan
 

Recommended

Measurement, Qualitative vs Quantitative Methods, and other Cool Stuff
Measurement, Qualitative vs Quantitative Methods, and other Cool StuffMeasurement, Qualitative vs Quantitative Methods, and other Cool Stuff
Measurement, Qualitative vs Quantitative Methods, and other Cool Stuff
Patrick Florer
 
Measurement, Quantitative vs. Qualitative and Other Cool Stuff
Measurement, Quantitative vs. Qualitative and Other Cool StuffMeasurement, Quantitative vs. Qualitative and Other Cool Stuff
Measurement, Quantitative vs. Qualitative and Other Cool Stuff
Jody Keyser
 
Cyber defense: Understanding and Combating the Threat
Cyber defense: Understanding and Combating the ThreatCyber defense: Understanding and Combating the Threat
Cyber defense: Understanding and Combating the Threat
IBM Government
 
Insights on it risks cyber attacks
Insights on it risks cyber attacksInsights on it risks cyber attacks
Insights on it risks cyber attacks
Vladimir Matviychuk
 
The Physical Security_&_Risk_Management_book
The Physical Security_&_Risk_Management_bookThe Physical Security_&_Risk_Management_book
The Physical Security_&_Risk_Management_book
JAMES E. McDONALD, PSNA
 
Responding to and recovering from sophisticated security attacks
Responding to and recovering from sophisticated security attacksResponding to and recovering from sophisticated security attacks
Responding to and recovering from sophisticated security attacks
IBM
 
Dod IA Pen Testing Brief
Dod IA Pen Testing BriefDod IA Pen Testing Brief
Dod IA Pen Testing Brief
David McGuire
 
The difference between the Reality and Feeling of Security
The difference between the Reality and Feeling of SecurityThe difference between the Reality and Feeling of Security
The difference between the Reality and Feeling of Security
Anup Narayanan
 
Extremism the bane of our society
Extremism the bane of our societyExtremism the bane of our society
Extremism the bane of our society
Maryam S. Abbasi
 
Religious extremism
Religious extremismReligious extremism
Religious extremism
Viperia Lee
 
Religious extremism
Religious extremismReligious extremism
Religious extremism
OMAN1991
 
Religious Extremism
Religious ExtremismReligious Extremism
Religious Extremism
gueste45d41
 
Religious extremism in pakistan
Religious extremism in pakistan Religious extremism in pakistan
Religious extremism in pakistan
Amna Kazim
 
Research proposal
Research proposalResearch proposal
Research proposal
sandhyareshmi
 
Religious Extremism
Religious ExtremismReligious Extremism
Religious Extremism
gtansill
 
Research proposal writing 2013
Research proposal writing 2013Research proposal writing 2013
Research proposal writing 2013
Chukunoye Ochonogor
 
EXTREMISM A GENERAL CONCEPT
EXTREMISM A GENERAL CONCEPTEXTREMISM A GENERAL CONCEPT
EXTREMISM A GENERAL CONCEPT
maryam_arif
 
Research or Proposal Writing - DEFINITION OF TERMS
Research or Proposal Writing - DEFINITION OF TERMSResearch or Proposal Writing - DEFINITION OF TERMS
Research or Proposal Writing - DEFINITION OF TERMS
Jaime Alfredo Cabrera
 
Research proposal sample
Research proposal sampleResearch proposal sample
Research proposal sample
Vanessa Cuesta
 
Research proposal 1
Research proposal 1Research proposal 1
Research proposal 1
Hina Honey
 
Writing A Research Proposal
Writing A Research ProposalWriting A Research Proposal
Writing A Research Proposal
Orna Farrell
 
The Research Proposal
The Research ProposalThe Research Proposal
The Research Proposal
guest349908
 
8 Elements In A Research Proposal
8 Elements In A Research Proposal8 Elements In A Research Proposal
8 Elements In A Research Proposal
Azmi Latiff
 
Research Proposal Presentation
Research Proposal PresentationResearch Proposal Presentation
Research Proposal Presentation
Val MacMillan
 
My research proposal.ppt
My research proposal.pptMy research proposal.ppt
My research proposal.ppt
nanimamat
 
Organizational Security Culture : A New Business Paradigm by JMSupan 2019
Organizational Security Culture : A New Business Paradigm by JMSupan 2019Organizational Security Culture : A New Business Paradigm by JMSupan 2019
Organizational Security Culture : A New Business Paradigm by JMSupan 2019
JOEL JESUS SUPAN
 
Practical Advantages of a Security Educated Workforce
Practical Advantages of a Security Educated WorkforcePractical Advantages of a Security Educated Workforce
Practical Advantages of a Security Educated Workforce
Keyaan Williams
 
Disaster Risk Reduction Terminology
Disaster Risk Reduction TerminologyDisaster Risk Reduction Terminology
Disaster Risk Reduction Terminology
Zeynep M. Turkmen Sanduvac_ztscompany
 
Basic Security Concepts JMSupan 2019 Edition
Basic Security Concepts JMSupan 2019 EditionBasic Security Concepts JMSupan 2019 Edition
Basic Security Concepts JMSupan 2019 Edition
JOEL JESUS SUPAN
 
Security Assurance
Security AssuranceSecurity Assurance
Security Assurance
Roger Johnston
 

More Related Content

Viewers also liked

Religious Extremism
Religious ExtremismReligious Extremism
Religious Extremism
gueste45d41
 
Religious Extremism
Religious ExtremismReligious Extremism
Religious Extremism
gtansill
 
EXTREMISM A GENERAL CONCEPT
EXTREMISM A GENERAL CONCEPTEXTREMISM A GENERAL CONCEPT
EXTREMISM A GENERAL CONCEPT
maryam_arif
 
Research proposal sample
Research proposal sampleResearch proposal sample
Research proposal sample
Vanessa Cuesta
 
Research proposal 1
Research proposal 1Research proposal 1
Research proposal 1
Hina Honey
 
The Research Proposal
The Research ProposalThe Research Proposal
The Research Proposal
guest349908
 
8 Elements In A Research Proposal
8 Elements In A Research Proposal8 Elements In A Research Proposal
8 Elements In A Research Proposal
Azmi Latiff
 
My research proposal.ppt
My research proposal.pptMy research proposal.ppt
My research proposal.ppt
nanimamat
 

Viewers also liked (17)

Extremism the bane of our society
Extremism the bane of our societyExtremism the bane of our society
Extremism the bane of our society
 
Religious extremism
Religious extremismReligious extremism
Religious extremism
 
Religious extremism
Religious extremismReligious extremism
Religious extremism
 
Religious Extremism
Religious ExtremismReligious Extremism
Religious Extremism
 
Religious extremism in pakistan
Religious extremism in pakistan Religious extremism in pakistan
Religious extremism in pakistan
 
Research proposal
Research proposalResearch proposal
Research proposal
 
Religious Extremism
Religious ExtremismReligious Extremism
Religious Extremism
 
Research proposal writing 2013
Research proposal writing 2013Research proposal writing 2013
Research proposal writing 2013
 
EXTREMISM A GENERAL CONCEPT
EXTREMISM A GENERAL CONCEPTEXTREMISM A GENERAL CONCEPT
EXTREMISM A GENERAL CONCEPT
 
Research or Proposal Writing - DEFINITION OF TERMS
Research or Proposal Writing - DEFINITION OF TERMSResearch or Proposal Writing - DEFINITION OF TERMS
Research or Proposal Writing - DEFINITION OF TERMS
 
Research proposal sample
Research proposal sampleResearch proposal sample
Research proposal sample
 
Research proposal 1
Research proposal 1Research proposal 1
Research proposal 1
 
Writing A Research Proposal
Writing A Research ProposalWriting A Research Proposal
Writing A Research Proposal
 
The Research Proposal
The Research ProposalThe Research Proposal
The Research Proposal
 
8 Elements In A Research Proposal
8 Elements In A Research Proposal8 Elements In A Research Proposal
8 Elements In A Research Proposal
 
Research Proposal Presentation
Research Proposal PresentationResearch Proposal Presentation
Research Proposal Presentation
 
My research proposal.ppt
My research proposal.pptMy research proposal.ppt
My research proposal.ppt
 

Similar to Framework for Security: Security in the Community Context

Security revolutionized fosdem_20120205
Security revolutionized fosdem_20120205Security revolutionized fosdem_20120205
Security revolutionized fosdem_20120205
David Fetter
 
A Literature Review of Risk Perception Studies in Behavioral Finance
A Literature Review of Risk Perception Studies in Behavioral FinanceA Literature Review of Risk Perception Studies in Behavioral Finance
A Literature Review of Risk Perception Studies in Behavioral Finance
MShareS
 

Similar to Framework for Security: Security in the Community Context (20)

Organizational Security Culture : A New Business Paradigm by JMSupan 2019
Organizational Security Culture : A New Business Paradigm by JMSupan 2019Organizational Security Culture : A New Business Paradigm by JMSupan 2019
Organizational Security Culture : A New Business Paradigm by JMSupan 2019
 
Practical Advantages of a Security Educated Workforce
Practical Advantages of a Security Educated WorkforcePractical Advantages of a Security Educated Workforce
Practical Advantages of a Security Educated Workforce
 
Disaster Risk Reduction Terminology
Disaster Risk Reduction TerminologyDisaster Risk Reduction Terminology
Disaster Risk Reduction Terminology
 
Basic Security Concepts JMSupan 2019 Edition
Basic Security Concepts JMSupan 2019 EditionBasic Security Concepts JMSupan 2019 Edition
Basic Security Concepts JMSupan 2019 Edition
 
Security Assurance
Security AssuranceSecurity Assurance
Security Assurance
 
Oleksander Filts - Strategies for maintaining security
Oleksander Filts - Strategies for maintaining securityOleksander Filts - Strategies for maintaining security
Oleksander Filts - Strategies for maintaining security
 
OSH EAR by Dr Sharudin NIOSH
OSH EAR by Dr Sharudin NIOSHOSH EAR by Dr Sharudin NIOSH
OSH EAR by Dr Sharudin NIOSH
 
201408 fire eye korea user event press roundtable
201408 fire eye korea user event press roundtable201408 fire eye korea user event press roundtable
201408 fire eye korea user event press roundtable
 
A holistic view_of_enterprise_security
A holistic view_of_enterprise_securityA holistic view_of_enterprise_security
A holistic view_of_enterprise_security
 
Alwinco Security Risk Assessment
Alwinco Security Risk AssessmentAlwinco Security Risk Assessment
Alwinco Security Risk Assessment
 
How to Secure America
How to Secure AmericaHow to Secure America
How to Secure America
 
ISACA talk - cybersecurity and security culture
ISACA talk - cybersecurity and security cultureISACA talk - cybersecurity and security culture
ISACA talk - cybersecurity and security culture
 
pln9 presentation mall
pln9 presentation mallpln9 presentation mall
pln9 presentation mall
 
Critical Risk – it’s focus and application
Critical Risk – it’s focus and applicationCritical Risk – it’s focus and application
Critical Risk – it’s focus and application
 
Security Risk Assessment
Security Risk Assessment Security Risk Assessment
Security Risk Assessment
 
Security revolutionized fosdem_20120205
Security revolutionized fosdem_20120205Security revolutionized fosdem_20120205
Security revolutionized fosdem_20120205
 
Top-Rated Professional Security Services for Comprehensive Protection.pdf
Top-Rated Professional Security Services for Comprehensive Protection.pdfTop-Rated Professional Security Services for Comprehensive Protection.pdf
Top-Rated Professional Security Services for Comprehensive Protection.pdf
 
A Literature Review of Risk Perception Studies in Behavioral Finance
A Literature Review of Risk Perception Studies in Behavioral FinanceA Literature Review of Risk Perception Studies in Behavioral Finance
A Literature Review of Risk Perception Studies in Behavioral Finance
 
Safety Slide Show
Safety Slide ShowSafety Slide Show
Safety Slide Show
 
Convergence of Security Risks
Convergence of Security RisksConvergence of Security Risks
Convergence of Security Risks
 

More from Jere Peltonen

More from Jere Peltonen (7)

USliittovaltio
USliittovaltioUSliittovaltio
USliittovaltio
 
Poikkeustilannetoimintakyky
PoikkeustilannetoimintakykyPoikkeustilannetoimintakyky
Poikkeustilannetoimintakyky
 
Physical security analysis tool
Physical security analysis toolPhysical security analysis tool
Physical security analysis tool
 
Turvallisuuden käsitteellinen malli 2005
Turvallisuuden käsitteellinen malli 2005Turvallisuuden käsitteellinen malli 2005
Turvallisuuden käsitteellinen malli 2005
 
Fyysisen turvallisuuden ratkaisujen analysointi
Fyysisen turvallisuuden ratkaisujen analysointiFyysisen turvallisuuden ratkaisujen analysointi
Fyysisen turvallisuuden ratkaisujen analysointi
 
Tunkeutumisreittianalyysi, työkalun käyttöohje
Tunkeutumisreittianalyysi, työkalun käyttöohjeTunkeutumisreittianalyysi, työkalun käyttöohje
Tunkeutumisreittianalyysi, työkalun käyttöohje
 
Turvallisuuden käsitteellinen malli 2006
Turvallisuuden käsitteellinen malli 2006Turvallisuuden käsitteellinen malli 2006
Turvallisuuden käsitteellinen malli 2006
 

Framework for Security: Security in the Community Context

  • 1. EUROPEAN SECURITY CONFERENCE 24 April 2006 Nice, France Security in the Community Context Jere Peltonen Diplomatic Security Adviser Ministry for Foreign Affairs of Finland 1
  • 2. What is Security? % 2
  • 3. What is Security? Merriam-Webster Online Dictionary 1 : the quality or state of being secure : as a : freedom from danger : SAFETY b : freedom from fear or anxiety c : freedom from the prospect of being laid off <job security> 2 a : something given, deposited, or pledged to make certain the fulfillment of an obligation b : SURETY 3 : an evidence of debt or of ownership (as a stock certificate or bond) 4 a : something that secures : PROTECTION b (1) : measures taken to guard against espionage or sabotage, crime, attack, or escape (2) : an organization or department whose task is security 3
  • 4. What is Security? Merriam-Webster Online Dictionary 1 : the quality or state of being secure : as a : freedom from danger : SAFETY b : freedom from fear or anxiety c : freedom from the prospect of being laid off <job security> 4
  • 5. What is Security? Merriam-Webster Online Dictionary 1 : the quality or state of being secure : as a : freedom from danger : SAFETY b : freedom from fear or anxiety c : freedom from the prospect of being laid off <job security> freedom from DANGER 5
  • 6. What is Security? Merriam-Webster Online Dictionary 1 : the quality or state of being secure : as a : freedom from danger : SAFETY b : freedom from fear or anxiety c : freedom from the prospect of being laid off <job security> freedom from DANGER freedom from FEAR or ANXIETY 6
  • 7. What is Security? freedom from DANGER freedom from FEAR or ANXIETY in operational context become: 7
  • 8. What is Security? freedom from DANGER freedom from FEAR or ANXIETY in operational context become: freedom from impact of actual threats freedom from feeling unsure because of perceived threats 8
  • 9. What is Security? These should not be seen as purely alternative explanations of security. freedom from impact of actual threats freedom from feeling unsure because of perceived threats 9
  • 10. What is Security? These should not be seen as purely alternative explanations of security. Security should be understood as being combination of both. freedom from impact of actual threats freedom from feeling unsure because of perceived threats 10
  • 11. What is Security? freedom from impact of actual threats freedom from feeling unsure because of perceived threats In theory and in practice, concept of security should not be limited to “security”, i.e. traditional security manager's area of expertise Security should be understood as covering all threats to operation, e.g. traditional business risks fall in the definition of security also 11
  • 12. What is Security? In theory and in practice, concept of security should not be limited to “security”, i.e. traditional security manager's area of expertise Security should be understood as covering all threats to operation, e.g. traditional business risks fall in the definition of security also This helps to see (and manage) everything that can affect the operation‟s success in one coordinated way This clearly makes security the issue of the Chief Executive Officer (or equivalent) 12
  • 13. What is Security? This helps to see (and manage) everything that can affect the operation‟s success in one coordinated way This clearly makes security the issue of the Chief Executive Officer (or equivalent) In practice, CEO needs to use experts in different „areas‟ of threat countermeasures and risk management (e.g. traditional “security”, business risks, information security, legal aspects) 13
  • 14. What is Security? freedom from impact of actual threats freedom from feeling unsure because of perceived threats 14
  • 15. What is Security? freedom from impact of actual threats freedom from feeling unsure because of perceived threats Sureness about realization of expected future, based on sufficiently realistic interpretation of relevant factors. 15
  • 16. What is Security? freedom from impact of actual threats freedom from feeling unsure because of perceived threats Sureness about realization of expected future, based on sufficiently realistic interpretation of relevant factors. 16
  • 17. What is Security? freedom from impact of actual threats freedom from feeling unsure because of perceived threats Sureness about realization of expected future, based on sufficiently realistic interpretation of relevant factors. 17
  • 18. What is Security? freedom from impact of actual threats freedom from feeling unsure because of perceived threats Sureness about realization of expected future, based on sufficiently realistic interpretation of relevant factors. 18
  • 19. What is Security? freedom from impact of actual threats freedom from feeling unsure because of perceived threats Sureness about realization of expected future, based on sufficiently realistic interpretation of relevant factors. 19
  • 20. What is Security? Sureness about realization of expected future, based on sufficiently realistic interpretation of relevant factors. ACTUAL SURENESS SECURITY = RISKLESSNESS + 20
  • 21. What is Security? Sureness about realization of expected future, based on sufficiently realistic interpretation of relevant factors. ACTUAL SURENESS SECURITY = RISKLESSNESS + 21
  • 22. What is Security? Sureness about realization of expected future, based on sufficiently realistic interpretation of relevant factors. ACTUAL SURENESS SECURITY = RISKLESSNESS + 22
  • 23. Security in the Community Context - Why? • The starting point for the successful management of security (or anything else) is the comprehension of basic factors, i.e. relevant fundamentals. • This is essential for the successful management of broader complexes that adapts to different environments and changing circumstances. • “Security in the Community Context” is a model of relevant factors and their relationships. • It is a model of the concept of security (on a general level). 23
  • 24. Security in the Community Context - Why? • “Security in the Community Context” is a model of relevant factors and their relationships. • The model can be applied to any traditional area of expertise that is somehow related to threats to or risks of operation. • As a general level model, ”Security in the Community Context” binds these areas together. 24
  • 25. What is Community? • Group of individual people who interact • Community is held together by common goal(s) supposedly serving satisfaction of individual needs, i.e. • Community is held together by individual perceptions of usefulness of the common goal(s) 25
  • 26. In order words, community is of Individual persons have own heldtheir other to achieve their needs together by individual perceptions of goals, individual persons join forces. own. They want/expect the needs to be satisfied. the common goal(s). usefulness of Common goal(s) ”Let’s do something together Community is held together by that helps us achieve our common goal(s) supposedly serving Very often persons cannot achieve personal goals!” satisfaction of goals by needs. their individualindividual themselves alone. Individual need: Individual need: Individual need: 26 wants to be rich wants to have good life wants to be the best
  • 27. It order to achieve common goal(s), specific ‟tools‟ are Inis important that individual members of community understand sufficient levels operational elements in needed, i.e. the relevance of of operational elements are achieving common goal(s), and in needed for successful operation. turn personal goals. Operational Elements are: •Assets •Processes •Operational Structures •Operational Environment 27
  • 28. Assets • All tangible and intangible assets form an element, which is required by the operation in order to reach the goal(s). • Examples of assets: Input needed to maintain • money, tools, people, information, co sufficient level of assets mmunication channels, reputation, etc. Extra input needed to establish sufficient level of assets • In a way, assets are like pieces of puzzle, i.e. basic ingredients needed to create the whole of the operation. 28
  • 29. Processes • Series of actions, an element, which is required by the operation in order to reach the goal(s). • Examples of processes: Input needed to maintain • logistical processes, information sufficient level of processes management, raw material processing, assembly line Extra input needed to establish manufacturing, staff recruiting, etc. sufficient level of processes • Processes are means to bind assets - the pieces of puzzle - together as a whole that contributes 29 to the operation.
  • 30. Operational structures • Structures of community relating to the utilization of assets and processes. • Successful operation requires existing structures to be functional. • Intentionally and unintentionally formed official and unofficial relationships and arrangements between individual Input needed to maintain persons, groups, and operational units. sufficient level of structures • Examples of operational structures: Extra input needed to establish • official organizational hierarchy, informal sufficient level of structures social hierarchy, interdependencies, responsibili ty and duty arrangements, etc. • Operational structures are the base30 on which the puzzle can be assembled.
  • 31. Operational environment • Element, which cannot directly be influenced by the input of participants but is required for the operation to be successful. • From the standpoint of operation, operational environment is an external element. • Operational environment is an element, which can possibly be chosen, and it may be possible to prepare for the changes and their impacts. Some measures can possibly protect the operational environment against threats. • Examples of operational environment: • political and economic stability, specific weather conditions, adequate traffic connections, functional communications infrastructure, etc. • It is not possible to assemble a puzzle in31 a dark room.
  • 32. Input • Sufficient levels of assets, processes and operational structures are established and maintained by input from participants (=members of community). • Without sufficient input operational elements cannot be acquired/created or properly utilized. • Input is also required to acquire/create Input needed to maintain and properly utilize measures against sufficient level of elements threats. Extra input needed to establish • In order to contribute input, participants sufficient level of elements need to feel sure about the outcome of the operation (=common goal(s)). • Examples of input: • money, work 32 contribution, knowledge, etc.
  • 33. Participants All those who 1. have expectations regarding outcome of the operation, 2. have given or are giving input for the operation, 3. who are able in some way to alter the level of their input if wanted. • Examples of participants: • investors, employees, executives, cu stomers, citizens, companies, etc. • The practical scope of community can vary a 33 lot, depending on the goal(s), so can the types of participants.
  • 34. Operation The utilization of operational elements in order to reach goal(s). 34
  • 35. Output Successful utilization of operational elements creates output, which satisfies the expectations of participants regarding the output of operation, and in turn satisfies their personal needs. This also creates confidence in the usefulness of the operational elements. 35
  • 36. Operational Elements Assets, processes, operational structures and operational environment are called operational elements. 36
  • 37. Threats Something that may have negative influence on operation by causing damage to the operational elements, or by some other way hindering or preventing the successful utilization of the operational elements. Participants make their own interpretations of threats. Interpretations are not necessarily correct. 37
  • 38. Threats Something that may have negative influence on operation by causing damage to the operational elements, or by some other way hindering or preventing the successful utilization of the operational elements. Participants make their own interpretations of threats. Interpretations are not necessarily correct. 38
  • 39. Threats Something that may have negative influence on operation by causing damage to the operational elements, or by some other way hindering or preventing the successful utilization of the operational elements. Participants make their own interpretations of threats. Interpretations are not necessarily correct. 39
  • 40. Sureness X X X X X X Participants need to feel sure about the realization of expected output in order to give input for the operation. Sureness is positive feeling about the realization of wanted future. It is not connected to the actual realization of expectations as such but is based on subjective impressions regarding realization. 40
  • 41. Sureness lack of sufficient SURENESS lack of sufficient (NO COMMUNITY) INPUT NO OPERATION 41
  • 42. Sureness At the end of the day: It was NOT the actual threat that killed operation, It was the lack of sufficient sureness! 42
  • 43. Measures Measures are actions and means aimed at 1) protecting operational elements against threats, or 2) establishing and maintaining level of preparedness to carry on operation in case of realized threat consequences. Measures are also needed to fix vulnerabilities. Effective measures reduce risks. Participants make their own interpretations of measures. 43 Interpretations are not necessarily
  • 44. Measures Measures are actions and means aimed at 1) protecting operational elements against threats, or 2) establishing and maintaining level of preparedness to carry on operation in case of realized threat consequences. Measures are also needed to fix vulnerabilities. Effective measures reduce risks. Participants make their own interpretations of measures. 44 Interpretations are not necessarily
  • 45. Vulnerabilities Weaknesses or breaches, which hinder the protection of the operational elements with measures, or harm the preparedness to carry on operation in case of realized threat consequences. Vulnerabilities are well described by saying "chain is as strong as its weakest link". Vulnerabilities can be fixed by measures. Participants make their own interpretations of vulnerabilities. Interpretations are not necessarily correct. 45
  • 46. Vulnerabilities Weaknesses or breaches, which hinder the protection of the operational elements with measures, or harm the preparedness to carry on operation in case of realized threat consequences. Vulnerabilities are well described by saying "chain is as strong as its weakest link". Vulnerabilities can be fixed by measures. Participants make their own interpretations of vulnerabilities. Interpretations are not necessarily correct. 46
  • 47. Risk % Risk is used as means to measure the operational relevance of threat. In a way, risk is used as threat indicator, with information about the possibility and influence of the negative impact. Risk can be defined as potential % harmful outcome, whose harmfulness and level of possibility are 'known'. Risk is needed as a tool in order to be able to deal with the uncertainty of the future in appropriate way in the operational 47 context.
  • 48. Measures Measures are actions and means aimed at 1) protecting operational elements against threats, or 2) establishing and maintaining level of preparedness to carry on operation in case of realized threat consequences. % Effective measures reduce risks. Preparedness, created from input by specific measure(s) ”Stored input” 48
  • 49. Measures Measures are actions and means aimed at 1) protecting operational elements against threats, or 2) establishing and maintaining level of preparedness to carry on operation in case of realized threat consequences. % Effective measures reduce risks. Preparedness, created from input by specific measures ”Stored input” 49
  • 50. Security in the Community Context Both 1) the realization of risks (=impact of threats), and 2) the input decisions based on incorrect interpretations regarding all relevant factors % ALONE can prevent or hinder the community from fulfilling its purpose, in other words, the operation succeeding. 50
  • 51. Security in the Community Context Therefore, it is equally important to manage 1) the actual risks, and 2) the subjective interpretations made of them by the individual participants % of the community. 51
  • 52. Risk Management Actions and means aimed at actually minimizing the impact of threats to operation. % 52
  • 53. Sureness Management Actions and means aimed at establishing and maintaining sureness of participants based on as realistic interpretation of relevant factors as possible. 53
  • 54. Security Management Security management is: 1) risk management, and 2) sureness management. % 54
  • 55. DEFINITIONS Security Sureness about realization of expected future, based on sufficiently realistic interpretation of relevant factors. Security in the Community Context % Sureness of participants about realization of expected future, based on sufficiently realistic interpretation of relevant factors and weighted by the significance and alteration sensitivity of individual inputs. 55
  • 56. Additional information can be found online at yhteisturvallisuus.net or ysecurity.net (→ English) % jere.peltonen@formin.fi QUESTIONS? 56