People go online. Media covering security breaches becomes common. Stealing for money and information cybercriminals raise the priority of protection.
What is most confidential? What cannot you afford to lose? What would cause the most damage? What might affect your reputation? Pays extra finding out what you want to secure and protecting it.
Financial records, credit card details, bank account details, Personal Identifiable Information, account information, primary email, passwords, files, privacy, anonymity, activity. We can define security assets as all the things you care about.
Think about if they were stolen, destroyed, placed on the Internet, put in the hands of a criminal, or encrypted so you could not use them.
Many people use the same name and password for multiple accounts. What if media and police investigated a security incident and pointed at your company as the nexus point of the leakage?
A professor shares a computer screen with his students. They spot one browser tab he had left open. It is a porn site. They make a screenshot and post it on social media. It goes viral. That privacy breach devastates him and costs him his career. This is a true story.
Security assets are individual to your personal needs, and a list of assets can concentrate efforts later for applying security. Your adversaries might include your forgetfulness, hackers, cybercriminals, nation-states, oppressive regimes, or your ex-partner if you’re unlucky.
It is important to know that risk is unavoidable. If somebody claims you are 100% secure, run a mile. Unless you stop engaging in an activity, the risk is present.
Security is the degree to which our assets are resistant to threats from our adversaries. To protect these assets, you first model your security landscape and apply security through various security controls like lock screens, Open PGP, patching, HTTPS, 2FA, blurred screens.
Select security controls based on their ability to mitigate your perceived threats, adversaries, and the consequences of that realization. One size fits all solution does not exist.
The downside – security impedes ease of use. Therefore, choose security controls to fit the purpose, leaving other areas unencumbered. Protect assets you value the most and that are the greatest risk.