The Deep Security model is a method, not another set of standard tools. It explores and questions – together with the people concerned – the interaction between the nature of their organisational environment, their objectives and their intrinsic or created vulnerabilities – its ’ecology of risk’. The aim is to forge a flexible, adaptive system that allows the organisation to navigate uncertainty and surprises. Of course, an organisation needs a reasonable degree of robustness to protect against or absorb risks. But the down–side of robustness is rigidity. An organisation also needs the flexibility to adapt and learn from unforeseen events, which rather than negative may be positive by stimulating innovation that is beneficial. Moreover, there may be little time to adapt. The needed flexibility must be built into the organisation; it is as much a mind–set as a management approach.
We see Deep Security as a mind–set and mode of action that is similar to the workings of an immune system, one that depends not on a single solution but on an integrated set of complementary and adaptive controls. It combines various types of measures (prevention, deterrence, resilience building, risk transfer, risk transformation etc.) that enable an rganization to absorb the relative complexity of its ‘ecology of risk’