As noted by the Institute for Security and Open Methodologies (ISECOM) in the OSSTMM 3, security provides “a form of protection where a separation is created between the assets and the threat.” These separations are generically called “controls,” and sometimes include changes to the asset or the threat.
Security is said to have two dialogues. Negative dialogue is about danger, risk, threat, etc. Positive dialogue is about opportunities, interests, profits, etc. Negative dialogue needs military equipment, armies, or police. Positive dialogue needs social capital, education, or social interaction.
Certain concepts recur throughout different fields of security:
- Assurance – assurance is the level of guarantee that a security system will behave as expected
- Countermeasure – a countermeasure is a way to stop a threat from triggering a risk event
- Defense in depth – never rely on one single security measure alone
- Risk – a risk is a possible event which could cause a loss
- Threat – a threat is a method of triggering a risk event that is dangerous
- Vulnerability – a weakness in a target that can potentially be exploited by a security threat
- Exploit – a vulnerability that has been triggered by a threat – a risk of 1.0 (100%)
Current Security Certification pursuits include: