The Cyber Protection of People

Cyber protection is about people, not computers
Protection of People is the only purpose of cybersecurity

ARM-LP’s three cyber security competencies are Security of Data, Security of Information, and Security of Systems. One way or another each of these competencies enhances the venue security of online venues. ARM-LP uses a six layer model to depict cyber security as it ascends in humanity from the machine (Layer 5) to the user (Layer 0).

This Layer Is…
5 Machine The least human aspect of cyber protection, a machine is a fundamentally stupid appliance, entirely reliant on human ingenuity and creativity, that cannot easily (or at all) distinguish between benevolent and malevolent intent
4 Inside The lived experience of an organisation that influences decision-making, esp. with respect to expected conducts and behaviours or important stakeholders. It is the 1st of the two most human aspects of cyber protection.
3 Impersonal How does the lived experience of an organistaion motivate “inside legislation,” e.g., the policies and procedures used to govern what computer use is acceptable, tolerable, or intolerable.
2 Social How does the lived experience of an organistaion motivate (or not) the use of online social media?
1 Systems How do people use “inbound technology,” e.g., phones, faxes, email, texting, websites, Twitter…
0 Outside The 2nd of the two most human aspects of cyber protection, and arguably the most important: the Outside Layer describes or interprets events outside the organisation that influence decision-making, risk identification, and also the identification of opportunities

Targeted attacks

In this article, venue security means protecting groups of people targeted for attack.

A distinct use of venue security, Domain Intelligence protects online venues rather than physical ones.

Venue security in any context — people on property or cyber security — is subject to sophisticated and commonplace targeted attacks that affect the physical protection of people. In this article, however, targeted attack describes the actions of criminal actors who actively pursue and attack one or more specific groups (“targets”) that affect the data and information people willingly give to the organisations and communities they subscribe to or join.

The cyber protection of people assumes targeted attacks require both some expertise and sufficient resources to target, acquire, and anonymously compromise small business networks. Script kiddies must not escape our consideration.