CC BY
1
UDC 005.2
Magomedova Aminat Dagestan State University Makhachkala, Russia SECURITY AND THE BUSINESS: THE NEED FOR AN ADAPTIVE SECURITY MANAGEMENT ARCHITECTURE
Annotation: The adaptive security management architecture (ASMA) seeks to take advantage of existing security practices and build upon them to promote the value of security to the business and to ensure a meaningful security posture. The ASMA is as much about the business and the security organization operating as a business unit as it is about security, risk, and compliance. There are many facets to the ASMA to achieve this, including capability maturity, applying security through services, and performance, security, and quality measurements that combine to ensure effectiveness and efficiency. Moreover, the characteristics of the ASMA provide clear visibility into operations and security that ultimately translate to adaptability and enabling the business.
Keywords: New Architecture, ASMA, the conflict of Change, traditional security and the emerging demands, business and achieving adaptability.
Why a New Architecture?
Today, security is predominantly a collection of practices that are applied based on policy and standards to ensure consistency to meet overall expectations in the management of risk and compliance. These practices are horizontal in nature given they are usually performed equally across the business and similarly across industries. In fact, most security organizations work very hard to ensure consistency throughout the environment to reduce the potential for gaps in compliance and to maintain reasonable uniformity in the environment to manage risk effectively.
However, the focus on consistency has created a rigid model that does not always effectively address shifts in the business. Moreover, the horizontal and standardized application of security practices does not necessarily resonate with the business for two important reasons. First, the business may be forced to have security applied in its entirety, which may include elements the business simply does not see value in, does not understand the applicability to their environment or requirement, or may be simply security's standard approach that is not tuned to the specific goal.
Second, there is limited understanding and visibility into the operational integrity of the security group and the application of security practices. For example, how efficiently are the security practices being performed, how effective is the result, what features align to the business's goals, and how do these security practices relate to the overall security program and the mission of the company?
These challenges represent the reasoning for an adaptive architecture that utilizes services as a method for applying security throughout the business. Moreover, and a very important overriding theme throughout this book, is today's security is mature, comprehensive, and quite sophisticated, yet how do we unleash
that potential and change the very identity of security in the business? Arguably, the consistency fought for within the security industry has merit. Nevertheless, this has also ushered in difficulties in aligning effectively to the dynamics of the business and achieving adaptability.
While security has evolved significantly over the last several decades it has also unwittingly become a limiting factor from the business's perspective. Businesses seek to explore opportunity, increase market share, drive revenue, and differentiate themselves. This means taking on risk and new challenges and always changing. Conversely, security seeks to protect the business and put in controls to ensure compliance, manage risk, reduce the potential for debilitating events, and drive consistency. While this is exceedingly important, balance between enabling the business and protecting the business has not been fully achieved. In fact, one could argue there is a growing chasm (Figure 1) between the directive of security and that of the business. This has become exceedingly evident in the face of massive, global economic turmoil.
Security Business
Protect the Business Explore Opportunity
Manage Events Increase Market Share
Ensure Compliance Drive Revenue
Manage Risk Market Differentiation
Figure 1. Security and business chasm.
Introduced above, the two problems can be summarized as the application of security and the operational integrity of the security group. The holistic employment of horizontal security practices in their entirety may not meet the business need, may include features that are not applicable, or worse, not include attributes that are critical to the business or the overall security posture. Moving forward security must acknowledge the business's needs as much as the desire to ensure comprehensive security. Next of course is how investments, budgets, and resources in security are employed in providing security and how this is communicated to the business in terms they can readily digest.
The ASMA closes the gap between business needs and security needs, and redefines security in the eyes of the business to be seen as a valuable, enabling force. It does this by doing two simple and fundamental things. First, it exploits the sophistication that exists within most security organizations today. Second, it does not try to fight the consistency battle causing the divide, but rather it embraces it in the form of business intelligence and operations.
As security evolved it produced a great deal of standards in the application of security practices. And as previously discussed this presents a degree of rigidity and inflexibility. However, beneath this lie extraordinary capabilities to address virtually any scenario. We've all experienced a situation where common approaches fall short and the "go-to-guy" is called in to connect the dots. The resulting activities may be non-standard and unorthodox, but the ultimate goal is achieved. Essentially, the "go-to-guy" understands all of what is possible and what exists within the realm of security in the organization as ingredients, takes time to understand the need, and composes a solution that utilizes existing nuances to fine tune security to meet the specific objective. Moreover, this is performed in a manner that not only satisfies the business demand, but also ensures it has value in the larger security posture, such as compliance and risk.
References:
1. URL: http://edutechwiki.unige.ch/
2. URL: http://www.ittoday.info
UDC 005.2
Magomedhanova Gulnara Dagestan State University Russia, Makhachkala
ECONOMY
Abstract: Economy is a system which tries to balance the available resources of a country, including land, labour, capital and enterprise. The word "economy" derives from Greek language and means "household management". Economy of a certain region or country is closely interlinked with such areas as culture, education, technological progress, history, political structure, legal systems, natural resources and ecology. These areas or factors set the conditions for the economy. That's why some cultures create more productive economies and function better than others.
Keywords: Economy, management, developing, technological progress, Economics, education
It is a well-known fact that without taking into consideration the knowledge of Economics every country will come apart. Firstly, Economics helps countries in various branches of trade. People sell and buy various things: from pens and pencils to cars and houses. Economics helps us to normalize these relationships. For example, ancient Rome was the biggest and the richest state of the ancient world. It became rich mostly with the help of its army and emperors. But to normalizing the relations, people's everyday life and not have any conflicts Rome needed a good economy, which is impossible without the knowledge of Economics. Secondly, Rome is the one of the most beautiful cities with its cathedrals, statues, and ancient buildings. The most famous building in Rome is Coliseum. It is famous for its gladiatorial fights. Gladiators were furious fighters. They fought till everyone was killed. Without a highly developed economy Rome could not become so rich and
