The Threat Acceptance Pillar
A threat is something we do not control and is directly related to the adversary. We do not control his motivations and intentions but can we control his capabilities? Capabilities can only be controlled if you are in constant conflict with an adversary and your actions affect his capabilities of inflicting a threat on your organization. Because we are not always involved in preventing and neutralizing the capabilities of our opponent, we don't really have control of his capabilities.Therefore a threat is the combination of motivations, intentions and capabilities and we have no control over this process.
Our risks are measured by the gap between the threat and our capabilities to deal with that threat. The gap between these two parameters is our actual risk pertaining to that threat.
It is imperative to accept that we do not control the threat dimension and concentrate in the enhancement of our capabilities for all the threats carried out by our opponent. We are in control of our own risk and can lower it by enhancing our capabilities so that they are symmetrical to those of our opponents. Living with threats is fine and should be part of our reality. It is living with risks that is unacceptable and should be altered.
Accepting threats is respecting your opponents and taking an initiative in enhancing your capabilities to deal with those threats. Security and denial of insecurity lies in the fundamental nonacceptance of threats. To restore security we must accept the threat pillar and develop a security culture for lowering our risks. In security when a threat is active and coming in your direction, the only thing that counts is whether you have the required capabilities to prevent and/or neutralize the threat. By accepting the threats and understanding your measurable risk, you are prone to beginning to close the gap.