Steffen Mau, a German Professor for Macrosociology at the Humboldt University in Berlin has written a book that appeared in German in 2017 and in English in 2019 entitled: ‘The Metric Society: On the Quantification of the Social’.
In brief, his book is about the, sometimes worrying, emphasis of the importance and the impact of quantitative information. For the cybersecurity context, the arguments presented in the book are highly relevant, and they are at the heart of our CS-AWARE offerings which we can epitomise in two sentences only: Providing a metric solution to cybersecurity doesn’t work. The social aspect is of great importance in securing organisations. There is a joke in the security community that illustrates the problem quite nicely:
‘This does not follow standard practices’
– ‘No hacker, ever’
That is why we have adopted a socio-technical approach. It is holistic in that takes into account the entire company and its organizational culture, the people and their responsibilities, the particular goals promoted, and the various technical operations and processes involved. We use this socio-technical approach to both monitor and manage the cybersecurity of an organisation. By doing this, we capture the unique and individual practices that cannot easily be quantified, but have a significant impact on cybersecurity.
It is all these issues and aspects that play a pivotal role and can make the vital difference. For CS-AWARE and our offerings it is a central feature, as we strive to provide our customers with a holistic socio-technical view of their organisations, facilitating a much-improved ability to maintain cybersecurity.
The CS-AWARE Team.