editione1.0.0
Updated October 9, 2023I want to give you permission not to read this entire book.
Let me explain.
When it comes to securing what matters to us, we each start at a different place and have different goals. We bring with us a set of experiences, expectations, and skills. We each operate in a different set of circumstances with a different set of constraints. Your pathway towards security will be different to others around you and as such, your needs from this book will be different.
While you can of course read this material sequentially, you are equally encouraged to approach it in a way that suits you and where you are now:
If you have never approached security before, you will find that our sections progressively guide you from securing yourself to securing increasingly big or complex environments. By following that journey, you will learn how to identify where the value lies in your organization (and therefore what you may want to prioritize for protection) and then, step by step, build up the actions and understanding needed to build security into your environment.
If you are not new to security or you have already begun to take some actions to reduce common risks, you may wish to use the sections as a way to self-assess your maturity. By looking at the topics covered and the actions and suggestions we have included, you will be able to confirm your successes as well as identify any areas you may want to dig further into.
If you have been managing security for a while, your reasons for reading this book may be different: your aim may not be to improve your own posture but to empower others in your world to take similar actions or to communicate these concepts to those who do not share your experience. In this sense, Security for Everyone can be a tool to scale your security practice and enable others to join you in improving the security of what matters in your world. When you are approaching this book, instead of assessing your own maturity, assess the maturity of those you wish to lift up. Starting where they are will allow you to understand their challenges and find ways to assist and support as they mature.
As well as your personal experience with security, the environment you are trying to protect can change your requirements for security.
For individual security, this means the difference between protecting an occasional internet user from phishing attacks, and protecting a high-net-worth individual while they frequently trade stocks online. This difference in circumstances will change all aspects of your security approach—the risks you face, the impacts if they were to be exploited, and the processes, actions, and technologies you can use to manage the situation safely.
For those of us protecting businesses or other organizations, the field in which we work makes a big difference too. Whether you are in the finance sector or retail, non-profits or high tech—our industry, size, profile, and the types of data we handle will change the risks we face and the standards we are required to meet.