A Player means different parties, each with his or her subjective perceptions of risk, tolerances for living with risk, and willingness to make various trades-offs.
An Agenda means players own analysis of the security situation and internal and external non-security considerations.
Two Players that create security problems: Attacker and the Attack (Assets owner). If no attacker than there would be no security problems.
A policy of security system is defined by a single player to many players. House policy is defined by a single person whereas the corporate and credit card system policy requires role of many players. A policy may be simple or complex depends upon the unit.
Proxies are the players who act in the interest of other players. Proxies are the intermediate person that has specializations in their field. Everyone can’t do everything. So proxies are needed.
For E.g.: Hiring a building inspector to evaluate the physical condition of house. This cannot be done by everyone unless you are having expertise in it.
· Security Theater: security countermeasures that provide the feeling of security instead of the reality.
E.g.: Taper-resistant packaging. It’s easy to poison many foods and over the counter medicines right through the seal by using a syringe.
· Nokia spends far more on battery security than on communications security. Battery security system senses when a 3rd-party battery is used and switches into maximum power-consumption, wearing the battery down faster, thus insuring that consumers stick to Nokia batteries.
· In economics, externality occurs when one player's decision affects other players not involved in the decision.
For E.g.: A company saves much money by dumping toxic waste in a river, and everyone suffers because of contaminated water.
· Security system is based on a policy defined by one or more of the players (usually the asset owner) and the perceived risk against those assets. Security will always be a balancing game between various players and their agendas.