Do Security Systems Fail Because Of Entropy?

Abstract

Security is implemented to mitigate an organisation’s identified risks, linking layered elements into a system to provide countermeasure by the functions of deter, detect, delay, response and recovery. For a system to maintain its effectiveness these functions must be efficaciously performed in order; however, such systems may be prone to decay leading to security failures. This study used a three-­‐phase qualitative methodology to develop an entropic theoretical foundation and to present a model of entropic security decay. Security decay is defined as degradation of the microscopic constituents propagating through the security system as a result of knowledge, cultural or economic factors. Security management should be primarily concerned with managing the entropic processes against commissioned security system levels; however, when decay occurs it is as a bottom-­‐up factor. This study suggests security controls should be measurable and be designed, applied, and managed to maintain security system efficacy