Framework for Security: Security in the Community Context
Upcoming SlideShare
Loading in...5
×
 

Like this? Share it with your network

Share

Framework for Security: Security in the Community Context

on

  • 404 views

Presentation at the ASIS International European Security Conference 2006 in Nice, France. Framework explains what security is and why it is needed. The original presentation includes animation that is ...

Presentation at the ASIS International European Security Conference 2006 in Nice, France. Framework explains what security is and why it is needed. The original presentation includes animation that is not functional in this SlideShare version. Unfortunately, some slides are therefore blurred. Please, get the original presentation from www.yhteisturvallisuus.net -> materiaali -> Security in the Community Context SCC.pps.

Statistics

Views

Total Views
404
Views on SlideShare
397
Embed Views
7

Actions

Likes
0
Downloads
5
Comments
0

2 Embeds 7

http://www.linkedin.com 5
https://www.linkedin.com 2

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Framework for Security: Security in the Community Context Presentation Transcript

  • 1. EUROPEAN SECURITY CONFERENCE 24 April 2006 Nice, France Security in the Community Context Jere Peltonen Diplomatic Security Adviser Ministry for Foreign Affairs of Finland 1
  • 2. What is Security? % 2
  • 3. What is Security? Merriam-Webster Online Dictionary 1 : the quality or state of being secure : as a : freedom from danger : SAFETY b : freedom from fear or anxiety c : freedom from the prospect of being laid off <job security> 2 a : something given, deposited, or pledged to make certain the fulfillment of an obligation b : SURETY 3 : an evidence of debt or of ownership (as a stock certificate or bond) 4 a : something that secures : PROTECTION b (1) : measures taken to guard against espionage or sabotage, crime, attack, or escape (2) : an organization or department whose task is security 3
  • 4. What is Security? Merriam-Webster Online Dictionary 1 : the quality or state of being secure : as a : freedom from danger : SAFETY b : freedom from fear or anxiety c : freedom from the prospect of being laid off <job security> 4
  • 5. What is Security? Merriam-Webster Online Dictionary 1 : the quality or state of being secure : as a : freedom from danger : SAFETY b : freedom from fear or anxiety c : freedom from the prospect of being laid off <job security> freedom from DANGER 5
  • 6. What is Security? Merriam-Webster Online Dictionary 1 : the quality or state of being secure : as a : freedom from danger : SAFETY b : freedom from fear or anxiety c : freedom from the prospect of being laid off <job security> freedom from DANGER freedom from FEAR or ANXIETY 6
  • 7. What is Security? freedom from DANGER freedom from FEAR or ANXIETY in operational context become: 7
  • 8. What is Security? freedom from DANGER freedom from FEAR or ANXIETY in operational context become: freedom from impact of actual threats freedom from feeling unsure because of perceived threats 8
  • 9. What is Security? These should not be seen as purely alternative explanations of security. freedom from impact of actual threats freedom from feeling unsure because of perceived threats 9
  • 10. What is Security? These should not be seen as purely alternative explanations of security. Security should be understood as being combination of both. freedom from impact of actual threats freedom from feeling unsure because of perceived threats 10
  • 11. What is Security? freedom from impact of actual threats freedom from feeling unsure because of perceived threats In theory and in practice, concept of security should not be limited to “security”, i.e. traditional security manager's area of expertise Security should be understood as covering all threats to operation, e.g. traditional business risks fall in the definition of security also 11
  • 12. What is Security? In theory and in practice, concept of security should not be limited to “security”, i.e. traditional security manager's area of expertise Security should be understood as covering all threats to operation, e.g. traditional business risks fall in the definition of security also This helps to see (and manage) everything that can affect the operation‟s success in one coordinated way This clearly makes security the issue of the Chief Executive Officer (or equivalent) 12
  • 13. What is Security? This helps to see (and manage) everything that can affect the operation‟s success in one coordinated way This clearly makes security the issue of the Chief Executive Officer (or equivalent) In practice, CEO needs to use experts in different „areas‟ of threat countermeasures and risk management (e.g. traditional “security”, business risks, information security, legal aspects) 13
  • 14. What is Security? freedom from impact of actual threats freedom from feeling unsure because of perceived threats 14
  • 15. What is Security? freedom from impact of actual threats freedom from feeling unsure because of perceived threats Sureness about realization of expected future, based on sufficiently realistic interpretation of relevant factors. 15
  • 16. What is Security? freedom from impact of actual threats freedom from feeling unsure because of perceived threats Sureness about realization of expected future, based on sufficiently realistic interpretation of relevant factors. 16
  • 17. What is Security? freedom from impact of actual threats freedom from feeling unsure because of perceived threats Sureness about realization of expected future, based on sufficiently realistic interpretation of relevant factors. 17
  • 18. What is Security? freedom from impact of actual threats freedom from feeling unsure because of perceived threats Sureness about realization of expected future, based on sufficiently realistic interpretation of relevant factors. 18
  • 19. What is Security? freedom from impact of actual threats freedom from feeling unsure because of perceived threats Sureness about realization of expected future, based on sufficiently realistic interpretation of relevant factors. 19
  • 20. What is Security? Sureness about realization of expected future, based on sufficiently realistic interpretation of relevant factors. ACTUAL SURENESS SECURITY = RISKLESSNESS + 20
  • 21. What is Security? Sureness about realization of expected future, based on sufficiently realistic interpretation of relevant factors. ACTUAL SURENESS SECURITY = RISKLESSNESS + 21
  • 22. What is Security? Sureness about realization of expected future, based on sufficiently realistic interpretation of relevant factors. ACTUAL SURENESS SECURITY = RISKLESSNESS + 22
  • 23. Security in the Community Context - Why? • The starting point for the successful management of security (or anything else) is the comprehension of basic factors, i.e. relevant fundamentals. • This is essential for the successful management of broader complexes that adapts to different environments and changing circumstances. • “Security in the Community Context” is a model of relevant factors and their relationships. • It is a model of the concept of security (on a general level). 23
  • 24. Security in the Community Context - Why? • “Security in the Community Context” is a model of relevant factors and their relationships. • The model can be applied to any traditional area of expertise that is somehow related to threats to or risks of operation. • As a general level model, ”Security in the Community Context” binds these areas together. 24
  • 25. What is Community? • Group of individual people who interact • Community is held together by common goal(s) supposedly serving satisfaction of individual needs, i.e. • Community is held together by individual perceptions of usefulness of the common goal(s) 25
  • 26. In order words, community is of Individual persons have own heldtheir other to achieve their needs together by individual perceptions of goals, individual persons join forces. own. They want/expect the needs to be satisfied. the common goal(s). usefulness of Common goal(s) ”Let’s do something together Community is held together by that helps us achieve our common goal(s) supposedly serving Very often persons cannot achieve personal goals!” satisfaction of goals by needs. their individualindividual themselves alone. Individual need: Individual need: Individual need: 26 wants to be rich wants to have good life wants to be the best
  • 27. It order to achieve common goal(s), specific ‟tools‟ are Inis important that individual members of community understand sufficient levels operational elements in needed, i.e. the relevance of of operational elements are achieving common goal(s), and in needed for successful operation. turn personal goals. Operational Elements are: •Assets •Processes •Operational Structures •Operational Environment 27
  • 28. Assets • All tangible and intangible assets form an element, which is required by the operation in order to reach the goal(s). • Examples of assets: Input needed to maintain • money, tools, people, information, co sufficient level of assets mmunication channels, reputation, etc. Extra input needed to establish sufficient level of assets • In a way, assets are like pieces of puzzle, i.e. basic ingredients needed to create the whole of the operation. 28
  • 29. Processes • Series of actions, an element, which is required by the operation in order to reach the goal(s). • Examples of processes: Input needed to maintain • logistical processes, information sufficient level of processes management, raw material processing, assembly line Extra input needed to establish manufacturing, staff recruiting, etc. sufficient level of processes • Processes are means to bind assets - the pieces of puzzle - together as a whole that contributes 29 to the operation.
  • 30. Operational structures • Structures of community relating to the utilization of assets and processes. • Successful operation requires existing structures to be functional. • Intentionally and unintentionally formed official and unofficial relationships and arrangements between individual Input needed to maintain persons, groups, and operational units. sufficient level of structures • Examples of operational structures: Extra input needed to establish • official organizational hierarchy, informal sufficient level of structures social hierarchy, interdependencies, responsibili ty and duty arrangements, etc. • Operational structures are the base30 on which the puzzle can be assembled.
  • 31. Operational environment • Element, which cannot directly be influenced by the input of participants but is required for the operation to be successful. • From the standpoint of operation, operational environment is an external element. • Operational environment is an element, which can possibly be chosen, and it may be possible to prepare for the changes and their impacts. Some measures can possibly protect the operational environment against threats. • Examples of operational environment: • political and economic stability, specific weather conditions, adequate traffic connections, functional communications infrastructure, etc. • It is not possible to assemble a puzzle in31 a dark room.
  • 32. Input • Sufficient levels of assets, processes and operational structures are established and maintained by input from participants (=members of community). • Without sufficient input operational elements cannot be acquired/created or properly utilized. • Input is also required to acquire/create Input needed to maintain and properly utilize measures against sufficient level of elements threats. Extra input needed to establish • In order to contribute input, participants sufficient level of elements need to feel sure about the outcome of the operation (=common goal(s)). • Examples of input: • money, work 32 contribution, knowledge, etc.
  • 33. Participants All those who 1. have expectations regarding outcome of the operation, 2. have given or are giving input for the operation, 3. who are able in some way to alter the level of their input if wanted. • Examples of participants: • investors, employees, executives, cu stomers, citizens, companies, etc. • The practical scope of community can vary a 33 lot, depending on the goal(s), so can the types of participants.
  • 34. Operation The utilization of operational elements in order to reach goal(s). 34
  • 35. Output Successful utilization of operational elements creates output, which satisfies the expectations of participants regarding the output of operation, and in turn satisfies their personal needs. This also creates confidence in the usefulness of the operational elements. 35
  • 36. Operational Elements Assets, processes, operational structures and operational environment are called operational elements. 36
  • 37. Threats Something that may have negative influence on operation by causing damage to the operational elements, or by some other way hindering or preventing the successful utilization of the operational elements. Participants make their own interpretations of threats. Interpretations are not necessarily correct. 37
  • 38. Threats Something that may have negative influence on operation by causing damage to the operational elements, or by some other way hindering or preventing the successful utilization of the operational elements. Participants make their own interpretations of threats. Interpretations are not necessarily correct. 38
  • 39. Threats Something that may have negative influence on operation by causing damage to the operational elements, or by some other way hindering or preventing the successful utilization of the operational elements. Participants make their own interpretations of threats. Interpretations are not necessarily correct. 39
  • 40. Sureness X X X X X X Participants need to feel sure about the realization of expected output in order to give input for the operation. Sureness is positive feeling about the realization of wanted future. It is not connected to the actual realization of expectations as such but is based on subjective impressions regarding realization. 40
  • 41. Sureness lack of sufficient SURENESS lack of sufficient (NO COMMUNITY) INPUT NO OPERATION 41
  • 42. Sureness At the end of the day: It was NOT the actual threat that killed operation, It was the lack of sufficient sureness! 42
  • 43. Measures Measures are actions and means aimed at 1) protecting operational elements against threats, or 2) establishing and maintaining level of preparedness to carry on operation in case of realized threat consequences. Measures are also needed to fix vulnerabilities. Effective measures reduce risks. Participants make their own interpretations of measures. 43 Interpretations are not necessarily
  • 44. Measures Measures are actions and means aimed at 1) protecting operational elements against threats, or 2) establishing and maintaining level of preparedness to carry on operation in case of realized threat consequences. Measures are also needed to fix vulnerabilities. Effective measures reduce risks. Participants make their own interpretations of measures. 44 Interpretations are not necessarily
  • 45. Vulnerabilities Weaknesses or breaches, which hinder the protection of the operational elements with measures, or harm the preparedness to carry on operation in case of realized threat consequences. Vulnerabilities are well described by saying "chain is as strong as its weakest link". Vulnerabilities can be fixed by measures. Participants make their own interpretations of vulnerabilities. Interpretations are not necessarily correct. 45
  • 46. Vulnerabilities Weaknesses or breaches, which hinder the protection of the operational elements with measures, or harm the preparedness to carry on operation in case of realized threat consequences. Vulnerabilities are well described by saying "chain is as strong as its weakest link". Vulnerabilities can be fixed by measures. Participants make their own interpretations of vulnerabilities. Interpretations are not necessarily correct. 46
  • 47. Risk % Risk is used as means to measure the operational relevance of threat. In a way, risk is used as threat indicator, with information about the possibility and influence of the negative impact. Risk can be defined as potential % harmful outcome, whose harmfulness and level of possibility are 'known'. Risk is needed as a tool in order to be able to deal with the uncertainty of the future in appropriate way in the operational 47 context.
  • 48. Measures Measures are actions and means aimed at 1) protecting operational elements against threats, or 2) establishing and maintaining level of preparedness to carry on operation in case of realized threat consequences. % Effective measures reduce risks. Preparedness, created from input by specific measure(s) ”Stored input” 48
  • 49. Measures Measures are actions and means aimed at 1) protecting operational elements against threats, or 2) establishing and maintaining level of preparedness to carry on operation in case of realized threat consequences. % Effective measures reduce risks. Preparedness, created from input by specific measures ”Stored input” 49
  • 50. Security in the Community Context Both 1) the realization of risks (=impact of threats), and 2) the input decisions based on incorrect interpretations regarding all relevant factors % ALONE can prevent or hinder the community from fulfilling its purpose, in other words, the operation succeeding. 50
  • 51. Security in the Community Context Therefore, it is equally important to manage 1) the actual risks, and 2) the subjective interpretations made of them by the individual participants % of the community. 51
  • 52. Risk Management Actions and means aimed at actually minimizing the impact of threats to operation. % 52
  • 53. Sureness Management Actions and means aimed at establishing and maintaining sureness of participants based on as realistic interpretation of relevant factors as possible. 53
  • 54. Security Management Security management is: 1) risk management, and 2) sureness management. % 54
  • 55. DEFINITIONS Security Sureness about realization of expected future, based on sufficiently realistic interpretation of relevant factors. Security in the Community Context % Sureness of participants about realization of expected future, based on sufficiently realistic interpretation of relevant factors and weighted by the significance and alteration sensitivity of individual inputs. 55
  • 56. Additional information can be found online at yhteisturvallisuus.net or ysecurity.net (→ English) % jere.peltonen@formin.fi QUESTIONS? 56