Research & Consultancy


 

Advantages of using a Safeguard structure, instead of endlessly investing in 'cyber-security':



Safeguard structure


vs.

 

"cyber-security"
 

Simple method
"Once you know how, it's easy"

/

Complexity-increasing methods & structures


Logic you understand 

/


Blind trust in 'their expertise'

Large organisations just need: 
 1 Safeguard Officer, 
 + one deputy, as backup & sparring partner
 With max 3 assistants

/

Large organisations 'need' a multitude of expensive
 Risk management & Security Officers, 
 Security Consultants, 
 Security Architects, 
 Security Auditors/Testers,  
 and so on.

Knowledge transfer,
 to become able to Do It Yourself

/

You will keep 'needing' them,
and keep buying more products and services.

  • Integrity
  • Advice only
  • Craftsmanship
/

Conflict of interests due to

- Also selling products.
 Like equipment, software, service contracts,
  security-tests, certifications, etc.

- Wanting repeat business,
 obtained by not resolving the root-cause issue
 and instead selling symptom mitigation.

Cost reduction

/

Cost increase

Full warranty
No disclaimers

/

No cure, still pay

Disclaimers, ambiguity loopholes and small print

Pro-active method

/

Combination of
 Re-active systems & procedures
 and Pro-active controls

Holistic:
& Infrastructure aspects
& ICT aspects
& Legal aspects
Compliance  
& Privacy assurance
& Physical access aspects
& Organisational structure aspects
& ...
In 1 interdependent coherent structure
/

Combined point 'solutions', like:
~ Several different network & host 'security' tools
    to mitigate various known issues. 
~ Limited scope Standards 
~ Limited scope Audits & Certification
~ Security Officers, +Consultants, +Architects, and ...
~ Partial outsourcing/out-tasking 
~ Unnecessary "risk appetite / acceptance" choices
~ ...

Complementary & Flexible 
/

Organisations lose their autonomy with its unique edge
 after being dragged into a so-called "one-size-fits-all standard framework".

Bureaucratic 'security standards' like ISO-2700x, IEC-62443, etc.
 turned out to require a lot of extra effort, without a decent result.




To keep harm at bay,
 and sensitive information inside

/

Be part of a rat race...
 To try to defend mostly invisible complexity,
  only partly against a few known attack forms



In control

/

Out of control