Over 2/3rds of the World is Unprotected!
Security Inclusion Now!
One Digital Protection for All
Security Inclusion Now! is a global mission to address and reverse a rapidly developing unsustainable divide
between those who are digitally protected and those who are not!
A 27% minority or 53 of 192 countries of the world who represent a minority 23% of Global Internet Usage allocate the majority (~80%) of global protection capital allocated. The available capital is generated locally by their high-value creation economies. The irony is that these same countries who are "highly committed" to cybersecurity are still not reasonably protected.
Conversely, a 73% majority or 141 of 193 countries of the countries in the world who represent a majority 76% of Global Internet Usage have allocated the minority (~20%) of global protection capital allocated and therefore are not adequately protected.
45% or 87 of 193 countries are completely unprotected.
The conclusion:
Protection is for the rich!
Rich economies, rich countries, rich companies, and rich people.
A simple company-level example is embodied in a clear failure-of-duty,
the USA Equifax consumer credit reporting agency breach.
On March 19, 2019, Equifax was called before the United States Congress to account for the breach during a hearing on “Examine Private Sector Data Breaches.” Equifax’s new CEO testified he was allocating an additional $1,250,000,000 ($1.25B) to security over three years and were hiring an additional 1,000 security experts. Given the global shortage of security experts, it will be difficult, if not impossible, to identify and hire away the planned resources unless they offer higher compensation, which they will do given the available budget. The result, however, is increased costs for everyone.
... the other 1/3rd spends 80%
of the global security budget to protect itself
The vision of Security Inclusion Now!
The founder explains how the Security Inclusion Now vision can be realized.
The Accelerating
Digital Protection Divide
Reversing the Unsustainable Divide
It is estimated that there are 4.5B (4,536,248,808) people connected to the Internet, as of June 2019, based on a population of 7.7B (7,716,223,209), a 58.8% penetration *. The Global Risks Report 2019 ** outlines the greatest risks facing the world. Cyber-attacks are the 4th most significant societal risk in terms of likelihood and severity of impact. The ITU Global Cybersecurity Index 2018*', combines 25 indicators into one benchmark index representing the commitment to cybersecurity of its 193 Member States.
The result: of 193 countries,
-
53 or 27% have a high commitment;
-
54 or 28% have a medium commitment, and
-
87 or 45% have a low commitment.
The total global economy in 2018*" is estimated to be $86 Trillion. However, the world’s ability to protect itself cannot be based on the concentration of wealth. Africa represents 11% Internet penetration, exceeding that of North America (7.2%) and approaching the European Union’s 16% penetration. Yet Africa sits mostly unprotected. The Global Cybersecurity Market is estimated to be $300B annually by 2024 *"'.
Who will be protected, who will not?
Combining all these factors provide the basis to make the following general 80/20 claim.
-
A minority of countries in the world (<1/3) who represent 23% of Internet usage allocate the majority of global protection capital, available through their national value creation. The ironic part of it all is that the 27% of countries who are highly committed to cybersecurity and allocate the majority of the budgets are still not reasonably protected.
-
A majority of the countries in the world (>2/3) who represent 76% of Internet usage allocate the minority of global protection capital. 73% or 141 of 193 countries are not adequately protected and 45% or 87 countries are completely unprotected.
References:
*https://www.internetworldstats.com/stats.htm​
** http://www3.weforum.org/docs/WEF_Global_Risks_Report_2019.pdf
*' https://www.itu.int/dms_pub/itu-d/opb/str/D-STR-GCI.01-2018-PDF-E.pdf
*" https://howmuch.net/articles/the-world-economy-2018
*"' https://www.gminsights.com/pressrelease/cyber-security-market
Digital
Protection
is a
Human
Right!
One Protection for All!
In the Digital World, Protection should be a Human Right just like in the physical world!
Today in the physical world, when you walk outside, there is protection provided by “society.” One does not expect to be shot or attacked outside their home or when walking around in public. This normative state of protection must also exist in the digital world. A person in the digital world cannot be harmed the moment they enter the digital realm, nor can they be expected to be experts on how to protect themselves. The environment must be inherently safe by default. Unfortunately, today’s environment is unsafe by default. Protection must become an intrinsic property of the system and not an extrinsic add-on as much of security is today.
“Look deep into nature, and then you will understand everything better.”
“We cannot solve our problems with the same thinking we used when we created them.”
Security has Failed to Protect!
Can it ever produce an alternate outcome?
No, not at the current industry technology capability maturity levels.
Security based on "human-worded" communication will never be able to protect!
The result of our current capability level is in the daily news. We are immune to hearing about breaches and feel powerless to prevent them. Fiduciary lack of awareness and appreciation for the excessive level of exposure has not changed. Protection is the combination of the amount and the quality of security. Fiduciary stakeholders control funding, which in turn controls the amount of security and quality of experts.
The combination of how the IT and Security industries have evolved from their inception and the convergence of several societal factors have left the “people-of-the-world” highly exposed. As is often the case after a forensic investigation, the breach is a result of fiduciary negligence over long periods where “more profits” repeatedly won over adequate safety and protection.
Today's security maturity compared to the complexity of what needs to be protected is like doing brain surgery with a hammer.
The outcome is the same no matter how many times you try!
​
A much higher variable precision, source independent & inheritance-based
measurement system is urgently required that define unique & unambiguous threat-asset-security relationships that are mass interoperability.
Introducing
“To raise new questions, new possibilities, to regard old problems from a new angle, requires creative imagination and marks real advance in science.”
High Precision
Cyber Protection
Modeling & Measurement System
Current security controls are traditionally in a worded form normally contained in a flat data structure with no deeper structure. Worded security controls describe one or more forms of security value to be delivered to one or more forms of business value. The challenge is that these relationships are authored by various bodies on a consensus basis at different levels of prescriptiveness and consequently must be interpreted, validated, verified and reconciled.
​
There must be another way?
What if a Security Control could be defined using an extensible variable precision DNA-like syntax structure that would transform them into unambiguous, unique, repeatable, and measurable constructs? Could they be machine-readable and enable automation? What if these expression structures could be linked to the security assets that deliver them; the business assets that receive and are protected by them and to the regulatory and standard controls they fulfill. Could these connections define a Peer-to-Peer Network pattern of the state of every asset and their relationships to threats and countermeasures?
Announcing the "Security Control Expression" Method
A method to uniquely and unambiguously define a Security Control. An Expression is a relationship defining how a business asset is protected from threats by how security is delivered by one or more security assets performing one or more security techniques and how protection is received by one or more business assets performing one or more business functions and how these security techniques fulfill in whole or in part the standards and regulations.
​
​
There is a much better way!
The Unified Security Model & Security Control Expressions
Security Inclusion Now
Switzerland
Security Inclusion Now.org is a non-profit organization to-be based in Switzerland whose mission will be to eliminate the
digital protection divide until the norm is - One [Digital] Protection for All.
SINOW will achieve its mission by launching regional initiatives in emerging countries for
sustainable security training capacity development.
Its distinctive approach is focused on "comprehension" of the fundamentals of cybersecurity. This method builds on the more typical review and discussion of security controls and how to interpret them.
Training is based on the struggle between good and evil, a story between 6 key actors involved in 5 relationships.
"Struggle to Protect - the Day in the Life of a Security Control."
​
Its globally unique training approach is based on the Unified Security Model which accounts for "all matters security" as one integrated system and an integrated "radically new "high precision" inheritance-based security model called Security Control Expressions.
The Protection SHIELD is a security control modeling and measurement software tool. It greatly automates two acute security management pains. The relationship between actual implemented controls and the control objectives in different frameworks they fulfill. Training occurs over a three month period and includes both security experts for training-the-trainer sessions. The Shield software technology remains to institutionalize security training and knowledge management; thereby, seeding the ability to self-develop and maintain local security capabilities.
​
Join the movement! Support Security Inclusion Now.org
Projects
Security Inclusion Now Japan
Security Expression Training for NARA Institute of Science & Technology*
A two-part three-month training program was launched at NAIST in November 2019. The training was conducted at the Industrial Cyber Security Center of Excellence** in Tokoyo.
​
The training program is centered around Security Control Expressions (SCE) and the Unified Security Model (USM).
Security Inclusion Now Tunisia
Seeding of a sustainable advanced security training capability to develop local security capabilities to serve regional demand.
Tunisia and the surrounding region have a natural untapped pool of young brainpower that can be trained to supply the enormous unmet demand.
​
The ultimate mission, however, is to provide people with not only the ability to self actualize themselves with a profession for life but to also provide for a family.
Security Inclusion Now
Switzerland
Making a Difference
through Creative Commons
The seeds of Security Inclusion Now as an enabling global standard was sewn into the International Telecommunication Union (ITU) in 2018.
As a 2018/19 US Delegate to Study Group 17 Security, Jacques has made a formal US contribution to ITU - Unified Security Model. The USM is the first-in-industry security model that incorporates "all matters security" in one architecture combining the amount and quality of security to deliver protection.
In the News
Latest Stories
"Top experts discuss key issues at ITU Workshop on Fintech Security"
August 27, 2019
‘Fintech’ or Financial Technology is one of the fastest-growing segments in the financial services industry – and it has massive potential to improve lives worldwide. Fintech services and applications must be secure if they are to earn people’s trust.
That’s why top experts from across the world gathered Monday at ITU headquarters in Geneva for an ITU Workshop on Fintech Security.
"To build trust, we could treat cybersecurity as a public good: Opinion"
Soon your refrigerator will be able to buy your food on Amazon, having noticed what you liked on Facebook and Instagram.
Cybersecurity is crucial for this to happen; to make sure that, while our food preferences are being noted, our identity is not stolen, credit cards not cloned, and our devices are not tampered with by malicious actors out to steal data or modify a machine’s behavior.
As the Fourth Industrial Revolution progresses and the integration and interaction of different technologies is used to improve individual and environmental well-being, cybersecurity will become even more important.
September 2, 2019
Protection Assurance for Digital Currency
Method for Achieving the Required Security Assurance Level for
Protecting Digital Currency including Digital Fiat Currency with High Confidence
​
We have successfully transitioned from physical signatures to their digital and electronic equivalents. Almost everything today is digital. Can we apply current security best practices in the same way we protect current systems? Can we accept the typical financial industry fraud losses? It is a cost of doing business. Can we accept a breach once in a while? The truth of the matter is that most Internet-connected systems are insecure-by-design and are compromised or can be compromised with just intent and resources.
Does Digital Fiat Currency or a Central Bank Digital Currency
warrant a higher level of security assurance than is typical of financial services today?
What will it take to “protect” various forms of Digital Currency? What is the problem? Do we have the capability and resources? The simple answer, based on our track record, highly uncertain. What will it take to get to the required answer – with confidence?
The field of Cybersecurity - one cannot see it, touch it, smell it, hear it. For these ephemeral reasons, the field has been and continues to be avoided by most and mostly misunderstood. Even within the active security field, there is great variability in skill levels. This is becoming worse with the influx of new practitioners. The field could benefit from analytical skills since the level-of-complexity of the field is very high and growing rapidly.
Today, innovation is outpacing our ability to secure and protect with confidence. The impact of not having a formal security taxonomy and ontology results in variability and subjectivity in the nature, form, and prescriptiveness of security control descriptions for identical security control topics. This variability requires significant human reconciliation and interpretation efforts, resulting in significant time and costs allocated to understanding, managing and normalizing.
This paper outlines a security model and expression method that addresses two security challenges
at the core of insufficient and ineffective protection.
-
The Unified Security Model (USM) integrates into a single system level model the fiduciary cycle of risk acceptance which determines resource funding (amount-of-security).
-
The Security Expression Model (SEM) integrates expressions into the USM as a single system with high visibility of “Risk to Value and its Protection” down to the more specific “Attack Exploit to Target Vulnerability and its Countermeasures” enabling advanced visibility, measurability and analysis of state-of-security to ensure quality-of-security.
June 9, 2019
Contact
Security Inclusion Now!
Get in touch with Jacques Francoeur, the Founder of Security Inclusion Now! to learn more about our work and how you can help and get involved.
