Security Convergence: Hackers, Gurus and the Military
Rod Beckstrom, the recently departed Department of Homeland Security director of the National Cyber Security Center and chief executive officer of ICANN, introduced “Beckstrom’s Law” as a principle for aligning security spending with risk management. In short: “The value of the network is equal to the net value-add of each user’s transactions, summed for all users.” His example was a private golf club, where players pay a certain amount (membership dues) to limit the number of critical transactions (tee times). This is not a social, “Facebook”-type model, where a large number of “friends” may provide no value at all. If the key is to measure a security investment against the goal of reducing losses, one must identify the critical transaction priorities and spend accordingly. In fact, firewalls were discussed as a budget item that protects a perimeter that no longer exists. The message? Some security spending wastes money, and security requests must be framed in terms of a business model (transactions).