Friday, April 14, 2017

Financial Cyber Security: #1 The Security-Convenience Continuum

Okay, there is one thing we need to understand when we get down to looking at Financial Cyber Security, or anything that requires security at all. And that is the good ol' Security-Convenience Continuum. It's very, very complicated, so let me draw a diagram for you:

So on one end you have Safety.
On the other end you have Convenience.

Basically, this is a give-and-take relationship. If you want more convenience, you get less security. If you want more security, you get less convenience.

Let's take a bicycle for an example.

#0: The most convenient way to access your bicycle is to keep it on the ground floor, with no locks.
Pump up security, cut back on convenience #1: Add locks to your bicycle located on the ground floor
Pump up security, cut back on convenience #2: Keep your bicycle on your floor corridor
Pump up security, cut back on convenience #3: Keep your bicycle outside your house, with CCTV
Pump up security, cut back on convenience #4: Keep your bicycle inside your house
Pump up security, cut back on convenience #5: Dismantle bicycle and hide the parts separately

Is #0 the most convenient way to ride your bicycle? Of course!
Is #5 the most secure way to prevent your bicycle from theft? Seems like it.

But of course you can see that #0 is ridiculous because your bicycle has no security, while #5 is also ridiculous because it is so inconvenient, you would probably never ride your bicycle.

Other examples? How about your usernames and passwords? The most convenient combination is your email as your username and just recycling Password123, but of course, how secure is that? Not very, I must say.

Hmmm, what else is convenient? Just hopping onto a free internet computer terminal and logging into your emails, ibanking, etc. No need to log in and fumble around through your phone with that tiny screen, and no need to worry about any data charges too, right?

Personally, I believe that when it comes to Financial Cyber Security, it is better to be more on the secure side as compared to the convenient side. With every step up and down the convenience ladder, you should also be aware of what sort of security you lose and gain. Honestly, it is more art than science to decide on a sweet spot for you, and it largely depends on personal usage, experience and tolerance for inconvenience.

Sometimes by moving along the continuum, you get a massive increase in convenience with an insignificant drop in security. You might want to consider making this change.

Sometimes you also get a huge drop in security with almost no difference in convenience. You might not want to make this change.

However, no matter what, I believe that it is important to have a personal minimum threshold when it comes to security.

I like to think of it as a huge plot of land being your kingdom (all the personal information about you), with information about you scattered across the land. You can relocate the information if you want. People are access, and invaders and attackers are, well... invaders and attackers.

First, I need to identify what information about me is lying around. Is it freely accessible by anybody? What are the controls I have to make sure that this information is not abused? Can I protect and prevent free access to this information?

For me, all my information that I want to secure should have a castle built on it at the very minimum. A castle allows me to have the infrastructure to control and monitor people that move in and out of my castle (accessibility), but also ensures that my "information" within the castle is not being freely accessed by anybody.

Each castle (containing information) can have enhanced defences, such as being built in the heart of your kingdom, being clustered together for group defence (but also group vulnerability), having part of your army patrol between castles, hiding the castle in a forest or in the mountains, having walls which are higher or thicker than usual, reinforced gates, wall archers, boiling pots of tar, dummy castles, secret escapes, etc...

How you decide to "defend" your castle and your kingdom is really up to you.

But of course, with more defences (security), you also eat up a lot of resources (convenience) which could be better used to do other more productive things.

Sure, you can have a secret, hidden, impenetrable castle, but how would people access it? It's the same as dismantling your bicycle and hiding the parts separately. Safe and secure, no doubt. But useless in terms of access and convenience.

Anyway, that's just a little bit of rambling. Maybe my analogy might be a little bit confusing and a bit stupid, but bear with me because I just thought of it on the spot to make it a bit more visual for people who have difficulty visualising without examples.


  2. GMGH, the more convenience, the higher the chance of compromising security/safety

    1. Hi Starlight, exactly. Most people choose convenience over everything and end up leaving themselves open to a lot of vulnerabilities for possible nasty things to happen in the future.


