At WiseGEEK, we're committed to delivering accurate, trustworthy information. Our expert-authored content is rigorously fact-checked and sourced from credible authorities. Discover how we uphold the highest standards in providing you with reliable knowledge.
What is Holistic Security?
Mary McMahon
Mary McMahon
Holistic security is a form of security which operates on multiple, fully integrated levels. This approach to security can be taken to secure a structure, a computer network, a campus, and any number of other things which might need securing. The underlying idea behind holistic security is that systems need to be considered as wholes to achieve the greatest level of security; while it is important to be aware of individual aspects of a system, the ways in which these aspects work together are also a key part of a security system.
Several different areas of security are applied together with holistic security. The first is security technology, along with security software, which is intended to add security. This can include everything from the locks on the doors to the software programs which deny access to unauthorized personnel on a network. Another aspect of holistic security is the application of procedures, which involves creating effective security procedures to be implemented by people who interact with the system.
Finally, people are another key part of a holistic security program. These programs recognize that people working within a system can be integral to its security. One aspect of using people involves asking people for feedback, and specifically asking that people identify security holes, with employees being made aware that there will be no penalties for pointing out security flaws. Likewise, people can be involved in the formulation of more effective security policies, as they often know the system most intimately and are aware of areas of potential improvement.
The holistic approach also avoids the tendency to add layers upon layers of security which do not interface or connect with each other. Instead, the system works together, with the avoidance of patches and other disjointed elements. This ensures that all of the systems used for security can interact with each other. Imagine, for example, a compound with two guardhouses. When the guardhouses can talk to each other, this is an example of holistic security. When the guards have no means of communicating, and perhaps don't even know about the existence of another guardhouse, they are not working cooperatively to reduce security threats.
Implementing holistic security programs can involve input from security consultants, employees, and members of a company responsible for handling security. These types of programs can be ground-up replacements, in which everything is started all over again, or overhauls of systems which are designed to streamline them without necessarily replacing them.
Mary McMahon
Ever since she began contributing to the site several years ago, Mary has embraced the exciting challenge of being a WiseGEEK researcher and writer. Mary has a liberal arts degree from Goddard College and spends her free time reading, cooking, and exploring the great outdoors.
Learn more...
Mary McMahon
Ever since she began contributing to the site several years ago, Mary has embraced the exciting challenge of being a WiseGEEK researcher and writer. Mary has a liberal arts degree from Goddard College and spends her free time reading, cooking, and exploring the great outdoors.
Learn more...AS FEATURED ON:
AS FEATURED ON:
-
![Businessman giving a thumbs-up]()
Businessman giving a thumbs-up
Discussion Comments
@BigManCar - That is the problem with security. Without good policies and all of your people on board, it is all pretty useless.
My favorite story for that is from when I was an IT worker. This whole office had their computer network updated, and a strict password policy was put in place. Now, they were all used to just logging into everyone's computer whenever to get something they needed. Shared drives were available on the new network, but they didn't want to learn to use them.
Long story short, they passed around a clipboard, everyone wrote their password and username on it, and they hung it on the wall in the front of the office. Kind of defeats the purpose, really. Security requires compliance with the policies, otherwise it just doesn't matter how good your tools are.
I read a book by a former Navy Seal, and part of his job was to break into military bases to show how easy it was to do so and try to help the commanders beef up security.
The things they got away with were hilarious. It turned out that the military security standards were pretty bad. They had all kinds of regulations for how high a fence must be or how many feet of chain to use when locking a fence, but there were gaping holes in their plans, and this guy exploited them all.
The smart officers took a look at their policies afterwards and tried to make everything work together better.
I am a huge fan of holistic security, or really of a holistic approach to most anything. You have to consider "all sides of the story" if you want to figure out how to keep your property safe.
You can have the strongest walls and gates in the world, but it doesn't matter if nobody's watching it and someone can just climb over. Same with a computer. Great antivirus software only helps so much if you haven't trained your people on good security and data protection practices. An integrated system is the way to go.
My company has a research facility, and they had a big problem with trespassers on the land inside the fence line. The ended up establishing a roving patrol, and they found where the kids were coming through the fence and having parties on the weekend. By staying on top of it, they were able to stop the problem.
Post your comments