Robert Garigue: Three Information Security Domains–the Physical (Old), the Process (Current), and the Content (Future)

Advanced Cyber/IO, Citizen-Centered, ICT-IT, Policies-Harmonization, Strategy-Holistic Coherence, Threats, True Cost
Click to Enlarge

Core Point:  The US national security world is still operating under a two conflicting paradigms: stovepipes within which authorized users have access to everything in the stovepipe (more or less); and isolated stovepipes in which external authorized users have to spend 25% of their time gaining access to 80+ databases (or worse, don't bother), and if they forget their password, a 2-3 day gap while access is restored.  What SHOULD have happened between 1986 when this was first pointed out and 1994 when the national alarm was sounded, was full excryption at rest of all documents, and a combination of automated access roles and rules together with anomaly detection at any point in the system including external drives.  The good news: 90% or more of what needs to be shared is NOT SECRET.  Bad news: someone other than the US Government “owns” that 90%.  The US system is not capable of ingesting and then exploiting that 90%.

See Also:

Robert Garigue, “Technical Preface” to Book Three

Robert Garigue, CISO Briefing

Robert Garigue: Information Security MANDATE

Advanced Cyber/IO, ICT-IT, Multinational Plus, Strategy-Holistic Coherence, Threats
Click to Enlarge

Core Point:  Information Security must enable both risk and advance–for example, M4IS2 (multinational, multiagency, multidisciplinary, multidomain information-sharing and sense-making).  Today cyber-security is an OBSTACLE to progress because it is, in one word, retarded–in two-words, risk-averse rather than risk-bounding.

See Also:

Robert Garigue, “Technical Preface” to Book Three

Robert Garigue, CISO Briefing

Robert Garigue: Structuring Risks (Role of Security)

Advanced Cyber/IO, ICT-IT, Strategy-Holistic Coherence, Threats
Click to Enlarge

Credited by Robert Garigue to Gabe Davids of EDS.

Core Point:  Done properly, security enables MORE risk-taking, allows one to do MORE with LESS.  In other words, cyber-security policies that are risk-averse instead of risk-enabling are, in a word, retarded and retard the enterprise.  Case in point: Wikileaks leading to no more flash drives–what SHOULD be in place is all the flash drives one wishes, but embedded security that prevents or flags abuse of those flashdrives.

See Also:

Robert Garigue, “Technical Preface” to Book Three

Robert Garigue, CISO Briefing

Graphic: Open Everything

About the Idea, Advanced Cyber/IO, Africa, Analysis, Balance, Capabilities-Force Structure, Citizen-Centered, Collection, Earth Orientation, Geospatial, History, ICT-IT, Innovation, Languages-Translation, Leadership-Integrity, Multinational Plus, Policies-Harmonization, Political, Processing, Reform, Strategy-Holistic Coherence, Threats, Tribes

Click to Enlarge

See Also:

2007 Open Everything: We Won, Let’s Self-Govern

2010 M4IS2 Briefing for South America — 2010 M4IS2 Presentacion por Sur America (ANEPE Chile)