editione1.0.0
Updated October 9, 2023So how do we go about understanding these events and how we can add a dash of security to them? It begins with looking at why and when these events occur and how likely we are to be able to plan for them in advance. To start, let’s look at the two types of common events—planned and unplanned.
Definition Planned events are predictable in some way. For example, if you are posting a job advertisement, you can safely assume that sometime soon you will hire someone and then hopefully onboard them to your team. You can also assume you will need to give them a device to use and provide them with tools to get the job done. Each of these processes and events has a parallel set of security activities.
Planned events will operate in repeating patterns. This means we should be able to build systems and tools to make them easier to secure and track.
Definition Unplanned Events are difficult to predict. This does not mean that they are not likely to happen, it just means that it’s difficult to know when they are likely to occur in your company.
Going back to our people security examples we used in our planned events, we consider the loss of a team member as unplanned. We know that people will leave the company but we don’t often know when that is likely to happen—especially when the loss is more than just a resignation or planned retirement. If a team member is removed for poor performance or negligent behavior, this may happen with little notice and your team will need to be prepared to move fast to secure this event.
Unplanned events are hard for us to schedule and plan for, but we can be prepared for them. We know that these scenarios are possible and can be ready, just in case.
This all seems quite straightforward, right? There are events we can plan for or prepare for, and so long as we are well organized, we can weave security through everything that happens in our business. It’s simple … except when it’s not. Let’s take a look at the common challenges we face with triggered security events when we’re growing.
Even predictable events (hiring, promotions, etc.) can be difficult in a growing company due to the pace our worlds run at. We have the same events as any other organization, but because of the way we are funded and the ambitions we drive towards, we may experience many more of these events in a shorter time period than a more established company. Combined with relatively constrained resources and budgets, handling all of these events can be challenging enough without adding a layer of security on top.