Stress-Testing Our Security Assumptions in a World of New & Novel Risks

The most devastating security failures often occur when assumptions about potential risks are not taken into account. Prior to major incidents, such as 9/11 or the SolarWinds breach, assumptions were made that turned out to be incorrect. The imperative of security is to anticipate and mitigate risks that will arise in the future.

Assumptions are necessary for any security plan, but they have a shelf life. As new interdependencies emerge, the pace of technological development accelerates, and the role of who provides security changes, assumptions need to be stress-tested.

A future-resilient approach requires questioning existing assumptions about the world and environments in which we operate. This involves identifying broad or narrow assumptions across four categories: referent (who is being protected and why), affect (defenders’ ability to protect themselves and attackers’ capabilities), interdependence (system effects not sufficiently anticipated), and governance (role of government).

Stress-testing these assumptions is necessary for any leader interested in ensuring long-term security and resilience.

Read more

Sign up to receive daily content in your inbox

We don’t spam! Read our privacy policy for more info.

Share This Article

Leave Comment

Your email address will not be published. Required fields are marked *

Daily Newsletter

Subscribe to our free daily newsletter to get the latest summarized updates