Blog Layout
Digital Design Thinking With 'Locus of Control'
Rimesh Patel CEng
What it means for Cyber Security.
How businesses behave can be based on the perceived traits of consumers and clients, or professionally said, the personality construct of an entities belief system whose competency considerations attributes failure or success, so in today's new norm, how does your business operating environment consider;
•Perceived Control: Internal/External Locus of Control.
•Success Based Services: Risk Appetite Behaviour.
•Life Science Services: Consumer Traits & Influences.
•Patent Development: Marketplace Execution.
•Thematic Designs: Regulation & Framework Selection.
The term is mainly used within the psychology industry but it gives a welcomed sounding board for progressing your cyber security posture. The new low-touch economy and its use of cognitive last mile technology has heightened consumer needs, not only from a service delivery perspective, but also by innovating accessible technologies for health and well-being.
Overnight, the design of new products and industries has created the newest categories of data-disposition strategies and from our cyber security perspective it assists in clarifying applicable data privacy risks.
We've seen some concentric business units referred to as blobs or bubbles - these are now the new perimeters for technology that your design and privacy principals need to adapt to, including identifying applicable cyber security mechanisms.
If you are designing a new product or service, it is important to consider the functional traits and behaviours of new platforms and associated product interactions and how they represent risk perception. Consumers by necessity may need access to your new platform, but if the user design does not feel safe or the platform introduces technology risk, then your value is undermined. From a business view, it is important to understand the thematic and scientific telemetry -based thinking approach when considering what risk model is appropriate for your new product or service.
New modern smart solutions are extending the ‘just in time model’ of the 1980's to envelope consumer led customisation. It's only now possible as 5G, Internet of Things and Edge technologies provide the new foundations required to give consumers the ability to experience real time needs, but also select solutions based on their risk appetites.
Individuals with an 'internal' locus of control have higher propensity of adopting appropriate technologies, while those with an 'external' locus of control are less likely to adopt these newer technologies - 'Hierarchy Of Needs' play an important factor, so the reverse can be true too, and that's where design thinking is vital for your design and business resiliency.
Commonly, engineers adopt the view 'there is a design fault with the glass - not that it's half empty or half full'. Qualified design thinking will let you take digital logic into discrete thinking, so you can design for the multiple propensities of technology adoption. If you design a new pandemic-based solution, it is inherently going to have digital privacy techniques afore whilst also considering the perception of social distancing and other published pandemic standards.
Perhaps federated consent is mandatory across your technology ecosystem, if so, how will it be designed into your low-touch economy proposition? Getting it right now will mean you do not have an unmanageable list of compensatory controls within your risk register. Perhaps your new solution will use smart API's to connect the physical and virtual realities - if so, what assurances have you in place for data privacy against the new attach vectors,
Consumer technology must promote the concept of control, smart automatic lawn mowers only work once you have manually configured the garden range of the base unit - the user-based locus of control is simple here. For automated cars, the complex trait for each ecosystem vehicle-component needs to have applicable internal and external locus of control considerations applied correctly.
Whatever your industry, getting independent, qualified help in design thinking techniques will clarify your value proposition so your business can enterprise by design securely.
#RUCyberReady
What does 2025 mean for Cyber Security?
What does 2024 mean for Cyber Security?
Securmeo & Cyberette
What does 2023 mean for Cyber Security?
What does 2022 mean for Cyber Security?
What it means for Cyber Security ?
Empower your customers and partners, by not being their digital weakest link.
What to expect in 2021 for digital ecosystems.
For your customer it means they feel safe and confident that your products or services are less likely to get caught out by the trending hack in the news. For your business, it means you are not the weakest link in the supply chain, and for industry, you can interact with others who also demonstrate good governance a chosen threat and vulnerability management framework. A vulnerability management framework has to consider assets, inherent risks and frequency of threats, including; Secure Development Life Cycle Programme User Acceptance Testing & Penetration Testing Risk Remediation & Ownership Resilience Services Patch Scheduling A vulnerability management programme will unite the above into one programme that will increase your security posture. If you are dependent on your online internet facing servers, laptops or devices, then having a dedicate resource is recommended, you can also look at outsourcing repeatable activities, however assessing each risk should have final sign-off from internal leads only. Internal risk postures are constantly moving as are external ones, so making the assessment on how actual attack vectors are going to effect your core business activities is best done internally as the vulnerability categories for risk remediation is only understood by you - including how they effect your security policy. You might have a vulnerability management policy, especially if you are risk appetite is low or your core business interacts with regulated products like heath devices, smart vehicles, utility services or any critical service. Having a dedicated policy will let you validate you have selected the right framework to make assessments of each vulnerability and making sure old vulnerability patterns are not repeated. A good vulnerability management programme will make sure you own your risk and have the right security controls in place, even if you use compensatory controls, they too will be in scope for vulnerability tests, so you must know how your resilience frameworks take effect if those controls fails. SAIBER Ltd's Vendor Neutral Vulnerability Management package will let you execute vulnerability management efficiently by empowering your resources will the correct mechanisms that consider all the above, including technical assessments. #RUCyberReady
Telemetry is a concept used within communications systems, whether physical or digital that provides remote measurements. For your security staff, it means during an incident response they remain less disenfranchised on the severity of an actual incident. For the business it means during an incident the managers are less disenchanted on what factors to consider when trying to uphold a security policy, and for the industry, it allows us to share security operations data with others in a cleaner way - as we would have specified, using telemetry data, how an incident should be triaged. Combining these methods will not only keep your security operations teams better informed, but also let you increase your security posture throughout the organisation and technology estate - so as you move towards 5G, Cloud services, IoT or other Hybrid systems, you still have the ability to know what to monitor. Network Operations Centers typically use telemetry for performance and capacity bandwidth monitoring and now with the many next gen style non-perimeter-based integration points, the same concepts can be used to enhance security postures for different departmental technologies. Your organisations internal and external activities are likely to be complemented with the below business functions, and it's here that telemetry can enhance data quality ; SMART sensors and ecosystems Security Engineering Solution Design Quality Assurance Spatial Intelligence Object Orientated DevOp Methods Departmental Data Business Workflows Commonly associated with Telemetry are Metrics, Events, Logs and Traces (MELT). Your overall business process that uses technology components should be able to produce basic MELT data - it's this data that will help you gain better efficiencies, and from a security perspective, it is likely here that indicators of compromise (IOC) or indicators of attack (IOA) can be better considered for behavioural analysis and anomalous activity detection. What data will you need to validate that an IOC or IOA has affected your security operations policies, how can that data map to industry cyber categories within the Mitre Attack or Cyber Kill Chain models. These models typically feed off vendor logs; however, you can significantly enhance how these models enhance business resilience through better incident response and management activities - even automation efforts as they allow you to introduce a 'control signal' though the chain of command by a specific MELT ensemble. The combination of telemetry with your own technology platforms can let you compliment your organisations security policies, so when you get an alert, its already qualified. SAIBER Ltd's SME Solutions Package will consider vantage points like these to give you the best security posture you can have. #RUCyberReady