In this book, we will lead you through a new way of thinking about security. Your first impression might be that we are crazy and unrealistic. Bear with us and our examples, and you will see that it works. A case study by Gartner done on the implementation within the Dutch police force concludes that it is the only working risk method so far. Paul Proctor, their former chief of security and risk management, said, ‘They nailed it!’
All the trends that are foreseen by Gartner and Forrester on security are already implemented and integrated into our approach. We did it for real. You might wonder what the ‘it’ is and if it is magic. We assure you it is not magic. It is like the Columbus egg puzzle; once you know how to do it, it is common sense. And, of course, you have to be persistent in achieving the goals and applying this way of thinking.
Over the years, we devised a way of thinking about:
• ‘Being’ in control without measuring and still seeing progress,
• One’s perspective on reality as just one way of looking at the world,
• Management involvement and no plausible deniability,
• Objectivity and intersubjectivity: not needing a complete picture and still doing the right things,
• Where the truth lies: with the experts and never in documentation,
• What you need to be secure: leave behind all that you hold true on security as described in baseline-and-risk-management approaches,
and how to:
• Abandon red-tape approaches focused on compliance,
• Connect with business continuity,
• Have an integrated risk-management approach instead of just leaving it to IT,
• Have management in control and still have service delivery involved,
• Have management follow up on risks.
With this way of thinking, and with implementing integrated security, we abandoned all that is perceived as a common good and best practices. We challenge you to think about all that you hold true in security and to ask whether it helps you solve the real problems of your organisation, or whether it just helps management and the auditors feel safe.
In this book, you will find our approach accompanied by examples from its implementation by a variety of organisations, the latest being the Dutch police force. So far, the Dutch police force implementation is the most complete one of all the concepts devised.
To emphasise, this book is based on actual experience and implementation and does not just offer a theoretical approach.