Black Swan in Data Security

submitted by
Style Pass
2021-05-20 17:30:09

A few years ago, I read the book Black Swan by Nassim Nicholas Taleb. The primary thesis is that we are all conditioned to see the future as a natural continuation of today. We do not anticipate or plan for events like Covid-19, a tsunami, a 9–11 style attack or the 2008 real-estate crisis. So we keep repeating our acts, not unlike ants and bees — assuming tomorrow will be no different than today. This is not wrong for most windows of time. However, from time to time something goes awry. A time bomb goes off, bringing with it enormous personal loss and property destruction. We grieve for a few weeks and get on the treadmill again.

The central argument of the book is that these events are by nature not predictable. We can, however, make small bets against their occurrence that could cover us from the downsides — a “hedging approach”. We do this in some situations. It is the reason we buy auto-insurance. We do not anticipate a loss every day, but in case something bad happens, we do not wish to be bothered to make amends.

Let us apply this to data security. When we undertake a project that collects and processes data, what do we see as requirements from a security standpoint? I have done at least 3 or 4 of them in my life. From my personal recollection, requirements are written from the perspective of “If everything goes per procedure”