Security Challenges - Next step

View the original Working Session content

The questions for the session were as follows:

  • Is the approach of finding similar industries or situations valid?
  • Does Dave Snowden’s experience support following or abandoning this methodology?
  • If it’s not valid, what methodologies should be used to create or find, and test, the correct strategies?
  • Can we learn from other practitioners in related areas as a useable “hack” to choose effective new strategies rapidly?
  • What are the underlying assumptions of the current strategies? Are those underlying assumptions valid?
  • Is this area of study financially or practically viable?

Outcomes/Deliverables (recommend)

  • The only outcome so far is this document, but the session shows pathways to creating further outcomes in future.
  • While the session only had a few attendees they all agreed that this approach is valid, and the approach should be explored.
  • The idea of “not reinventing the wheel” in regard to tactics and strategies was regarded as relatively obvious.
  • The idea was raised of having non-infosec people, but in a profession or discipline we’re interested in, playing cyber security themed games and comparing their success rate against those of existing information security practitioners.
  • The idea of “underlying assumptions” was briefly touched on, but the track organiser thinks this needs to be kept as a separate concept and approached as a distinct area of research in future.
  • Luis had the particularly good idea of approaching cyber security people who work closely with the professions we’re interested in, for example the Security Officer for a hospital, and asking them to access the medical professionals’ thinking on a related abstract problem.
  • Sean made the great point that, using the understanding from Cynefin of different levels of complexity, other professions might understand the abstract problem so well that, for them, there is Good or Best Practice. However the problem for us is still in the complex area we are not able to know what is Good or Best Practice.

Synopsis and Takeaways

  • There is value in this direction of research.
  • Find small examples of where this is useful, execute the project, and use that to obtain sources of funding or find others who are interested in taking part in the overall idea.
  • Keep going.

Identified Questions

  • Where to obtain funding for further investigations in this area?
  • Is funding required, or could a methodology be put together which then can take up only a few hours time of specific well-placed individuals?

Working Materials

  • Only this document for now; further documentation will either be added to the outcomes or a separate online repository will be created.

Additional/External References

  • If an external repository is set up then a link should be included here.
  • If you are reading this in the future, after the Summit, and know that a repository exists but it isn’t linked from here, please either submit the Pull Request yourself or contact the track organiser.

Session organiser(s)

Nick Drage Nick Drage


Jim Newman Jim Newman , Chris Dobson Chris Dobson , Florian Buetow Florian Buetow , Tom Ling Tom Ling

Attached materials: