Difference between security and protection
Submitted by fotios-dev on Sat, 2008-07-19 03:17.
I work for the IPSC of the JRC of the EC. Ideally all those working here should know the difference between Security and Protection; after all both concepts feature in the name of the institute that provides their bread. However, I really think that of the hundreds of employees in IPSC probably relatively few would be able to define it precisely. It could even be tempting for some to argue that there is no difference between the two and that, in fact, the name of the institute was probably put together by some clueless politician. This has nothing to do with JRC and IPSC in particular and everything to do with how people in general often let similar or closely related concepts merge into each other - important distinctions being lost in the process.
The fact is, however, that there is a difference between the two, even if it is subtle and context-dependent. In a nutshell, protection implies action while security implies goals. That is, security is expressed as a set of "oughts" (comprising what is usually referred to as a "security policy") that are enforced by a set of appropriate protection mechanisms and activities.



About "safety"
Another relevant concept is that of safety. Sometimes, safety has to do with risks related to non-conscious actors (e.g. nature) while security is more concerned with conscious actors. Most times safety is closely related to human health. Things are not necessarily that clear; there can be overlap depending on the field/domain of discourse. However, at least in the field of IT security, "safety" is almost always related to human health and is one of the factors that help determine certain types of security risks (i.e. safety is basically subsumed by security) that are then considered (some mitigated) in putting together a security policy. A good example of this type of treatment of the two concepts (i.e. security and safety) would be CERT's OCTAVE method/process.