Friday, August 15, 2008

Microsecurity vs Macrosecurity

I found cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following insight by Ravila Helen White in
Information Security and Business Integration
to be fascinating:

Economists figured out long ago that in order to understand cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 economy, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y would have to employ a double-pronged approach. The first approach would look at cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 economy by gacá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ring data from individuals and firms on a small scale. The second approach would tackle analysis of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 economy as a whole. Thus was born micro and macro economics.

We can make information security more consumable by taking a page from economics. If we divide information security in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 same manner as economics (its analytical form), we get micro information security and macro information security.

Micro information security is cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 nuts and bolts that support an organization's information security practice. It's cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 technology, controls, countermeasures and tactical solutions that are employed day-to-day to defend against cyber threats. It's a step-by-step examination of information security for educational purposes and to facilitate discussion with our peers.

Macro information security is cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 big picture and can be utilized to keep management in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 loop. It's cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 blueprint, framework, strategic plan, road map, governance and policies designed to influence and protect cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 enterprise. It's cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 bottom line.

Macro information security also extends externally to support partners and customers as well as ensure compliance with regulations. Internal organization extension includes support of convergence programs and includes alignment to business goals and objectives.

Macro information security enables security leaders to align cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365mselves and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 program(s) cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y oversee with cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 business. It bridges information security vernacular with traditional business acumen. When used correctly, macro information security can be cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 tool that equals success. And, success is being invited back to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 table again and again.


I like this separation, although I am not as comfortable with cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 exact definitions. If you're fuzzy about cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 difference between microeconomics and macroeconomics, Wikipedia is helpful:

Microeconomics is a branch of economics that studies how individuals, households and firms make decisions to allocate limited resources, typically in markets where goods or services are being bought and sold.

Microeconomics examines how cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365se decisions and behaviours affect cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 supply and demand for goods and services, which determines prices; and how prices, in turn, determine cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 supply and demand of goods and services.


Macroeconomics is a branch of economics that deals with cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 performance, structure, and behavior of a national or regional economy as a whole... Macroeconomists study aggregated indicators such as GDP, unemployment rates, and price indices to understand how cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 whole economy functions. Macroeconomists develop models that explain cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 relationship between such factors as national income, output, consumption, unemployment, inflation, savings, investment, international trade and international finance.

The differences are striking and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 distinction helpful. I don't think anyone thinks of a microeconomist in a negative light because he or she doesn't dwell on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 "big picture" macroeconomic view. It's simply two different ways to contemplate and explain economic activity.

We have a separation of sorts in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 security world. Macrosecurity types like to think about aggregate risk, capturing metrics, and enterprise-wide security postures. Microsecurity types prefer to focus on individual networks, hosts, applications, operating systems, and hardware, along with specific attack and defense options.

I think I prefer microsecurity issues but spend time on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 macro side when I have to justify my work to management.

1 comment:

Anonymous said...

nice post, but i have traditionally used macro-security to refer to state-level controls and micro-security to be corporate or sub-state.