Do Security Systems Fail Because Of Entropy?
Argonne National Laboratory
Faculty of Health, Engineering and Science
School of Computer and Security Science
Security is implemented to mitigate an organisation’s identified risks, linking layered elements into a system to provide countermeasure by the functions of deter, detect, delay, response and recovery. For a system to maintain its effectiveness these functions must be efficaciously performed in order; however, such systems may be prone to decay leading to security failures. This study used a three-‐phase qualitative methodology to develop an entropic theoretical foundation and to present a model of entropic security decay. Security decay is defined as degradation of the microscopic constituents propagating through the security system as a result of knowledge, cultural or economic factors. Security management should be primarily concerned with managing the entropic processes against commissioned security system levels; however, when decay occurs it is as a bottom-‐up factor. This study suggests security controls should be measurable and be designed, applied, and managed to maintain security system efficacy.