Security is on everyone’s mind at this festive time of year. As more and more consumers move their shopping online, e-commerce security and the security of personal information naturally come to the forefront. But what is security?

It’s a large and nebulous topic to which entire areas of study are dedicated, and the average website owner can’t be expected to be an expert, let alone the average consumer. That’s why we’re taking this opportunity to answer this question and hopefully provide a foundation of understanding to help all site owners and consumers better assess their security needs.

Security vs. Safety

First, let’s tell you what security is not. Security is not safety. Safety is the protection of assets from accidents and acts of nature. Wearing a hard hat is an example of a safety precaution, protecting you against bumps, sharp surfaces, and falling objects.

Regarding online shopping, there’s really no safety involved, unless you count a phone case to protect your mobile device from a drop while you’re looking at products on a retail store website.

Then what is security? Broadly put, security is the protection of assets from human attack. For more detail, allow us to elaborate.

Assets are anything of value to a person or organization. Assets could be people (employees, friends or family), physical objects (e.g. money or computers), or intangible items (e.g. data or reputation). Assets of different value will require different levels of security. The security measures implemented at Fort Knox to protect the US gold reserves will far exceed the security measures implemented to protect a car stereo.

The Need For Security In Our Daily Lives

Human attack means that a threat, whether it is intentional or not, subverts, steals, or sabotages one or more assets. This could be as simple as a street tough boosting a car stereo, or as elaborate as a coordinated industrial espionage campaign. Attacks can be physical, with harm to person and property, or they may be virtual, like a denial-of-service attack. Again, the level of protection afforded to the asset(s) will depend upon the threat most likely to attack the person or organization to gain access to the asset.

Figure: Threat Profile Matrix (via sandia.gov)

Finally, protection is the implementation of people, procedures, and technology to keep a threat from harming or absconding with an asset. A vault door is an iconic protection mechanism, though a reputation management service is also a method of protection. Together, the value of the asset and the level of sophistication of the threat will determine the level of protection necessary to protect said asset.

Making A Decision

Given the definition, you’re sure to surmise that one must identify all assets and define the most likely threats to said assets to determine effective security measures. (Another step to determine effective security is to characterize the facility in which the assets reside, though this extends the topic beyond an introductory article.)

Determining the right amount of security is important to achieve the maximum protection possible for the resources available, i.e. maximizing cost-benefit. This does not always mean that ‘more security’ is better. Protecting a car stereo from a special operations unit would not be an effective use of resources and may not even be effective security.

How Does SiteLock Fit Into The Security Picture?

SiteLock’s mission of effective website security manifests itself through expert security consultants who review customer needs before recommending the appropriate type and level of security service.

Hopefully, this explanation of security provides website owners the comprehension they need to choose a security solution. Read more about SiteLock’s web application firewall, your site’s vault door, and our malware scanner, the trained security guards protecting your site. If you prefer, call 855.378.6200 to speak with one of our security consultants.