SHOUTY vs ambient infosec

Like ambient music (muzak, elevator tunes), ambient information security blends into the background.  The idea is that infosec controls are subtle, seamless, integral parts of whatever is going on, as opposed to blatant in-yer-face shouty SECURITY.

Of course it's not always possible, and there are circumstances where the visibility of security is itself a valuable part of the controls - deterrents, for example, warning signs, distinct boundaries and the menacing presence of beefy security guards, with guns, dogs and attitude.  

Personal identification and authentication processes that require user interaction are hard to miss, e.g. security passes/tokens, passwords, PIN codes, SMS codes and all that rigmarole. Nevertheless, there are choices for system/security architects when designing login mechanisms that affect the amount of time and effort required from each user.

Those are the exceptions. A majority of security controls go largely unnoticed. Federated identity/social media systems, for instance, slim down subsequent logins to little more than an extra click. Network traffic encryption and message integrity controls use sophisticated cryptography under the hood, automatically correcting minor transmission errors or flagging more serious issues such as potentially fake websites with dubious, invalid or missing digital certificates. Antivirus scans, backups and software updates mostly take place quietly in the background, or wait for quiet periods to spring into action.

Once you are logged in, some systems quietly monitor your activities for indications that it really is you, doing more or less what you normally do, at your normal pace, from your normal device/s and location/s, showing your normal preferences, quirks and errors - or not, in which case, as the anomalies stack up, Big Brother takes an increasing interest in what you are up to, perhaps blocking dubious or risky transactions pending further investigation.
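The quiet monitoring described above can be sketched as a session risk score that stays invisible while behaviour matches the user's baseline and only intervenes on a risky transaction once anomalies have accumulated. This is an added example, not code from the original post; the signal names, weights, thresholds and sample events are all constructed assumptions.

```python
from dataclasses import dataclass

# Assumed weights and thresholds, chosen for illustration only.
WEIGHTS = {"device": 30, "location": 25, "pace": 15, "payee": 20}
WATCH, HOLD = 30, 60
DECAY = 0.8  # each new event fades older anomalies a little

@dataclass
class Baseline:  # what "normal" looks like for one user
    devices: set
    locations: set
    secs_per_action: float
    payees: set

@dataclass
class Session:
    baseline: Baseline
    score: float = 0.0

    def deviations(self, ev):
        b, out = self.baseline, []
        if ev["device"] not in b.devices:
            out.append("device")
        if ev["location"] not in b.locations:
            out.append("location")
        ratio = ev["secs"] / b.secs_per_action
        if ratio < 1 / 3 or ratio > 3:  # far off the usual pace
            out.append("pace")
        if ev.get("payee") and ev["payee"] not in b.payees:
            out.append("payee")
        return out

    def observe(self, ev):
        # Anomalies stack up across the session rather than per event.
        self.score = self.score * DECAY + sum(WEIGHTS[d] for d in self.deviations(ev))
        if self.score >= HOLD and ev["action"] == "transfer":
            return "hold_for_review"  # block the risky transaction only
        return "allow_and_watch" if self.score >= WATCH else "allow"

# Constructed sample data: one user's baseline and a drifting session.
BASE = Baseline({"laptop-1"}, {"city-a"}, 6.0, {"landlord"})
EVENTS = [
    {"action": "view", "device": "laptop-1", "location": "city-a", "secs": 5},
    {"action": "view", "device": "phone-9", "location": "city-a", "secs": 5},
    {"action": "view", "device": "phone-9", "location": "city-b", "secs": 5},
    {"action": "transfer", "device": "phone-9", "location": "city-b", "secs": 1, "payee": "acct-77"},
]

def run(events):
    session = Session(BASE)
    return [session.observe(ev) for ev in events]

if __name__ == "__main__":
    print(run(EVENTS))
```

The user sees nothing until the final transfer is held; a transfer to a known payee from the usual device, place and pace passes without any prompt.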