So I'm in my final two weeks before I'm off to Chicago to sit for my CISSP (and hopefully pass). Much to do: between paperwork at the office, a week of helpdesk duty, major packet transmission questions, and craziness 'round the house, and - of course - studying, I don't have a ton of extra time.
Even so, I've been itching to get back to writing potentially interesting things, as opposed to just occasionally pinging the world with random cat videos (and their equivalents) so, in the spirit of studying for a security-related test, I thought I'd offer up a few essays on personal security, security fallacies, and general advice.
I hope you'll bear with the conceit - it'll help me study, if nothing else, as many of the high-order concepts are common regardless of venue. Without further ado, then - let's get started.
Security Broad Strokes
The idea of security is one that I have come to believe most people get terribly wrong. You say security, and people immediately think of masked gunmen, bad neighborhoods, locked doors, and property theft. The truth is that, while security includes all of these elements, it really is something that's both broader and deeper than our focus on crime implies.
In fact, in the US, crime isn't as prevalent as the media and our confirmation bias would have us believe. Using one of my favorite articles, your chances of being the victim of a violent crime are:
- Are you male? 18.4 per thousand people (1.8%). Female? 15.8 per thousand (1.5%).
- White? 1.5%. Black? 2.7%. Hispanic? 1.8%.
Property crime tends to be linked to income - lower income households experience property crime at higher rates than higher income households - the lowest bracket experiencing property crime at a rate 1.6x higher than the $75,000+ annual income bracket.
Really, though, your statistical likelihood of being the victim of a crime is directly related to what you do, in general, with all of the various risk factors being additive. Male, 24, living in apartment, going clubbing the bad part of town every night... far more likely to have an incident than a Female, 24, living in an apartment, avoiding high-crime areas.
The important thing to know, though, is that, in the aggregate, the best data I can find suggests that only about 4% of the population will directly experience a significant property or violent crime (your odds are about 1 in 20).
What about nonviolent crime?
The largest growing segment of criminal activity in the US is Identity Theft and fraud, with nine million people affected in 2010, and that number going up (roughly 3% of the population each year!). In the aggregate, the odds of having your identity stolen - before this year's high-profile breaches - are about 200 to 1.
Let's put these numbers in context:
The odds of dating a millionaire are about 1 in 220.
Getting in a car wreck on a 1,000 mile trip? 1 in 366.
Odds you'll get in a car wreck? er... it's actually one wreck per seventeen years you're actively driving. So, if you live to the age of 70, you'll have 4.1 wrecks.
That 1 in 20 chance that, in your lifetime, you'll be the victim of a violent crime? That really puts the overall odds at about 1 in 550,000 that today will be the day (assuming you live to be 75).
That doesn't mean you should, of course, discount security - but it's important to recognize that the things we're protecting ourselves from aren't common, nor are they immediately likely. In the end, Security is about risk management, and that's a vital thing to remember as we discuss the topic moving forward.
I want to say, before I bring up the next example, that I'm a gun owner, and support people's rights to own guns responsibly. We good? Good.
One of the greatest examples of bad personal security is a gun. In fact, if you're buying a gun to protect yourself - specifically, the reason you purchased that gun was because you feel safer carrying it, you're almost certainly barking up the wrong tree.
For every time a gun is used in self-defense in the home, you'll have 4 accidents involving guns around the home. (one third of 8 to 12 year old boys who find a handgun pull the trigger.) In 2011, 10 times MORE people were shot and killed in arguments than by civilians trying to stop a crime. Your odds of being shot are 4.5 times greater if you are carrying a gun when you are the victim of an assault. Your odds of dying in that assault are 4.2 times greater.
Buy a gun, get a concealed carry, and be worse off - that's not a very good investment in personal security.
Good security is about being safer than you are, about the habits you pursue, the choices you make, and the technology you implement, from the low-tech (door locks) to the high (phone encryption). It's about ideas more than things - about the policies you set for yourself, and the actions you take to enforce them. Good security practice makes it harder to make bad decisions while not overly interfering in your life.. while bad security does one or the other very poorly.
That's what we'll look at, then - what's worth doing, how effective is it, and what's realistically necessary to both stay safe and have enough room to have fun.
Here's hoping it's worth something.