What Do We Want ?

The first step in building an effective information assurance program is to understand exactly what we want when we desire security or assurance . What is the specific effect that we want to achieve?

Think about building a house. A requirement that nearly everyone may have when building a house is for it to be safe and secure. Would it be sufficient to just say to your builder, Build me a safe and secure house and then to expect to get exactly what you wanted? Safe and secure could be interpreted in many different ways, depending on what role one plays in the building effort.

What would safe and secure mean to the parents of several young children? Would childproof be more accurate? On the other end of the chronological spectrum, safe and secure to an elderly, retired couple may mean an entirely different home design.

Depending on the environment where the home was being built, safe and secure could have some different meanings also. There could be special structural requirements due to the frequency of hurricanes, tornados, or even earthquakes in the area. Perhaps high temperatures or an abundance of snowfall could become factors in determining what safe and secure really means.

Of course, fireproof could also be a specific example of safe and secure as well. And finally, the prospective homeowners could simply be concerned with physical security.

But beyond just the homeowners desires for a safe and secure home, there may also be other parties with the same or different interests in the meaning of safe and secure . In all likelihood , the homeowners will have a mortgage, and in order to get the mortgage, another party will have to be involved as well: an insurance company to provide homeowners insurance. In order to get the loan, the homeowners will need that insurance policy, and in order to get the policy, or to be able to afford it, the homeowners will need to convince the insurance company that the home is worth insuring . An insurance company will not want to offer a policy on the proverbial house of straw , preferring instead that the homeowner build with something stronger and somewhat less combustible.

The homeowner, builder, and others such as the bank and insurance company, may also have to pay attention to governmental standards for safe and secure homes , in the form of zoning regulations and building codes. In fact, there may even be penalties and incentives regarding complicance with the codes and regulations: fines from the local municipality for failing to follow zoning laws, and lower insurance premiums for safety features above and beyond the minimal requirements. In some areas, there may also be applicable requirements imposed by a homeowners association. Though such associations usually do not need to develop detailed codes or bylaws for physical or structural safety and security, they can contribute to complicance by requiring major home additions to be completed under a building permit issued by the local government, and they can also contribute to safety through efforts such as a neighborhood watch program.

So depending on your perspective, safe and secure can have a number of different or more specific meanings. All of the many different perspectives may be equally valid and need to be met. And all of the different views must be understood by the homeowner.