This is the first in a set of blogs focused on high level briefings – typically 5 minute reads, covering design patterns and meta trends relating to security architecture and design.
When it comes to cyber security design, there have been numerous ways of attempting to devise the investment profile and allocative efficiency metric. Should we protect a $10 bike with a $6 lock, if the chance of loss is 10% – that sort of stuff. I don’t want to tackle the measurement process per-se.
I want to focus upon taking the generic business concept of outcomes, alongside some of the uncertainty that is often associated with complex security and access control investments.
I guess, to start with, a few definitions to get us all on the same page. Firstly, what are outcomes? In a simple business context, an outcome is really just a forward looking statement – where do we want go get to? What do we want to achieve? In the objective, strategy and tactics model of analysis, it is likely the outcome could fall somewhere in the objective and possibly strategy blocks.
A really basic example of an OST breakdown could be the following:
• Objective: fit in to my wedding dress…
