A.R.T. and Security ©
A.R.T. and IT ©
Purpose
The foundation of problem-solving is knowing whose problem we are trying to solve and what are the factors that play into the problem on an ongoing basis. Therefore, a 360-degree scorecard is needed to evaluate an IT Organization or SME relatability for the organizations and individuals we provide services to. The A.R.T.* scorecards serve this purpose, and the basis described below using security as an example. It is human-centric, design-thinking inspired method. I am an active user of it, and I use it to set my learning targets and evaluate the outcome of any given problem or vulnerability.
I look forward to your comments on this topic and usage over LinkedIn @ http://www.linkedin.com/in/skasturi
Description
The Absolute, Relative and Transactional (A.R.T.) friction factors can make or break Security. Consider these cause and effect relationships:
- Absolute Friction: Occurs and snowballs when the stakeholders of a business or organization are not heard or understood, or when the security group is not heard or understood. The effect is the irrelevancy of the security group.
- Relative Friction: Occurs and snowballs when there is a process disconnect. The effect is the inefficiency of the entire organization or business.
- Tactile Friction: Occurs and snowballs when the stakeholder’s or security group’s technology is not mutually understood in detail. The effect is insufficient automation.
Evaluation tool
Method to assess A.R.T. score is based on weighted key ‘empathy’ attributes for each of the lifecycles that impact and are impacted by security activities. Here is the link to the latest A.R.T. and Security (c) Coarse Grain Score v1 calculator form. A more detailed calculator will be released soon. You can always find link to the latest score card here.
Visual
Summary of The A.R.T. and Security - Lifecycles Impacting Security presentation I recently did at the Risk Management Framework (RMF) Lifeboat ISSA Education Group 13 October 2018 meeting is included below.
You can see the full presentation here.