rethinking security

I’ve been thinking a lot lately. The way we do security today doesn’t work. In fact, it has never really worked. We need to rethink, bottom-up and inside-out, how we do security. The problem is that for the majority this requires some major rethinking that is outside of their comfort zone. For myself and others who want to change how we do security (and we are many, but still much too few), it is an uphill battle.

Mathematics, nature & security

I have been thinking quite a lot since reading a book by Margaret Wheatley, who brought systems thinking and nature to management and organization dynamics.

It really does not make sense that we apply the rules of tick-boxes to prove compliance equally to closed and open systems. The ISO 27002 control framework is designed for closed systems. Our security programs do not work because in most cases it is the open systems that are problematic. It is my opinion that if we followed the simplicity that is a gift from nature and just applied it to how we deal with open systems in security, we would find new ways forward.

Watch the following on the Fibonacci sequence in numbers.

[youtube http://www.youtube.com/watch?v=gOzOB2rteMY?list=PL629B5753F5210908&w=560&h=315]

Then imagine that this pattern repeats in what are called fractals: the same pattern, smaller and smaller and smaller. The following video is computer animated, but gives Nature is amazing!

[youtube http://www.youtube.com/watch?v=BTiZD7p_oTc&w=560&h=315]