This inaugural post introduces tranzform-security. We believe in a dynamic approach to security practice at critical infrastructure (CI). We draws from science in order to extend the boundaries on how we mostly think about security.
Critical infrastructures are ‘complex systems’. The human threats posed to CI manifest in two subcategories. Exogenous [outside the system] threats include acts of terror and other crime attacks by predators. Endogenous [inside the system] threats include technical vulnerabilities arising from human error, occupational fraud, internal theft, corruption, workplace sabotage and workplace violence.
About Complex Systems
“All complex systems, whether they are biological ecosystems like the human body, natural ecosystems like a rain forest, social ecosystems like an open-air market, or socio-technical ecosystems like the global financial system, or the Internet are deeply interlinked. Individual units within these ecosystems are interdependent, each doing its part and relying on the other units to do their part as well. This is neither rare nor difficult, and complex ecosystems abound.
Bruce Schneier, Liars and Outliers (2012)
Transformative Security Practice
“Transformative security practice” (TSP) is new language for defining transformation of security as ‘learning cultures’ (Senge, Peter. ‘The Fifth Discipline: The art and practice of the learning organization’. 1994).
A security learning culture is generative. It is a shift of mindset from ‘business as usual’ to one of wonder, discovery and continuous improvement. It is a new way to think about how organizations perceive and practice security. It is adaptive, putting technology in the hands of the right people, doing the right things, at the right time.
TSP challenges security to move beyond the limitations imposed by reductionist, cause and effect, thinking about solutions. It embraces chaos the comes with humanity. It applies ‘system’s thinking‘ to explore the inter-relatedness between parts in the organization, and how changes to these parts influence the whole.
With TSP, we learn how to motivate employees in playing a vital role in security as primary over technology. We recognize the influence and impact of beliefs, mental models, heuristics bias (mental shortcuts) and affect (emotions) on security.
A Generative Approach to Security
Security is dealing with new realities including acts of terror, transnational enterprise crime, and a post-industrial age uncertainty that is increasing stress and anxiety predicted in 1970 (Toffler, A. Future Shock).
TSP takes a behavioral and prevention science approach to security. In factors both the feelings of security and the reality of security. It draws on science from multiple disciplines including psychology, neuroscience, social physics, behavioral economics and behavioral biology.
TSP promotes deep cycle learning. It encourages lateral thinking to resolve security problems. It centers around five disciplines for creating a security learning culture :
- personal mastery
- mental models
- shared vision
- team learning and
- systems thinking delivered in practitioner-based, problem-solving ways.