Security Anti Fragile CODE
The usual "hierarchy" of computer systems, whatever their sector, technology, cost or geolocation, and especially the hierarchy in their Governance and Operation, makes them more fragile than computer systems that are generated from the "bottom", apparently without structure. The parts of such systems tend to counterbalance each other over time in their distributed aggregate, not only in computational calculation or operating logic, which allows the system to self-correct and repair itself compared with strictly hierarchical systems.
However, let's move the reasoning to the point of view of IT security, applying the principles expressed above, and ask whether an attacker acts with “hierarchical” or “structureless” systems.
Obviously, the answer is “structureless”: by design, an attacker follows an apparently illogical and naturally destructured thread, even within the communities to which he belongs.
To face this challenge of mentality and non-ordinary methodological approach, organizations must equip themselves with an Antifragile Security strategy that responds to the diversification of method and model an attacker can put in place. This is because today all organizations have an IT security installation that makes systems or services seem hyper-controlled: they tend to appear too “calm”, with all the pieces of the puzzle in place and minimal variability on show, while the risks accumulate silently under the surface of the corporate IT fabric.
Having N Security vendors installed does not mean being safe by design ...
So how can we fight against cyber threats in an Antifragile way?
We could introduce the concept of self-healing IT Security systems, but in this context I'm talking about something slightly different: a truly anti-fragile system will not only heal; it will strengthen itself against future stresses of a similar nature. It does so mainly through a different, decentralized security organizational structure based on the knowledge of individuals who, by area of event, reason together by enlisting other colleagues, perhaps with different sec skills, to create the "explosive mixture" and unpredictability that is needed to respond to an attack without being afraid of failure. The security human capital in the company must also be based on the concept of Learn - Teach - Learn, to have a continuous improvement in order to:
- evaluate its security systems and processes with the aim of identifying the system and process vulnerabilities that represent the greatest risk for the company
- devise appropriate repair and response mechanisms, and regularly exercise these mechanisms to verify their effectiveness and robustness, by thinking differently, not "Hierarchical" but "Destructured" from the business context, giving free rein to the genius of illuminating thought and to the contamination between people of the company that produces exercisable Sec. playbooks and sustainable, transversal Sec. processes.
Only in this way will it be possible to create an anti-fragile security model in companies, one capable of bringing people to the center of their security strategy, with the awareness that the decentralized model will speed up the exchange of information, comparison and growth, and give birth to a true response to a cyber attack where all the "pieces" of corporate security "respond" as a single body by design.
AKA Antifragile CODE