Defense in Depth: An Impractical Strategy for a Cyber-World
5/5
()
About this ebook
Businesses and Information Technology Security Professionals have spent a tremendous amount of time, money and resources to deploy a Defense in Depth approach to Information Technology Security. Yet successful attacks against RSA, HB Gary, Booz, Allen & Hamilton, the United States Military, and many others are examples of how Defense in Depth, as practiced, is unsustainable and the examples show that the enemy cannot be eliminated permanently. A closer look at how Defense in Depth evolved and how it was made to fit within Information Technology is important to help better understand the trends seen today. Knowing that Defense in Depth, as practiced, actually renders the organization more vulnerable is vital to understanding that there must be a shift in attitudes and thinking to better address the risks faced in a more effective manner. Based on examples in this paper, a change is proposed in the current security and risk management models from the Defense in Depth model to Sustained Cyber-Siege Defense. The implications for this are significant in that there have to be transitions in thinking as well as how People, Process and Technology are implemented to better defend against a never ending siege by a limitless number and variety of attackers that cannot be eliminated. The suggestions proposed are not a drastic change in operations as much as how defenses area aligned, achieve vendor collaboration by applying market pressures and openly sharing information with each other as well as with federal and state agencies. By more accurately describing the problems, corporations and IT Security Professionals will be better equipped to address the challenges faced together.
Prescott Small
Prescott is an Information Technology and Security Specialist with over 20 years hands-on experience. His resume includes a wide range of technologies beginning with DEC Mainframes and Apple 512K systems along through the entire evolution of the Windows Operating Systems since Windows 3.1. Prescott’s current responsibilities focus in IT security, including incident management. He currently holds the GIAC Gold Security Essentials Certification (GSEC). GSEC certification ensures the holder has real-world security awareness in several areas of IT security including computer, network and software. Prescott began his IT career with his father at Scientific Placement working on the DEC mainframes. After leaving Scientific Placement, he spent the next several years at Telecheck working in the Shared Global Services division, which handled real-time credit card transaction processing and settlements. His job responsibilities included credit fraud control and profiling to prevent credit card fraud as well as assisting authorities with criminal investigations. Prescott then spent two years at Mitsubishi Caterpillar Forklift America (MCFA) operating the desktop support for the Houston offices working for MIT Computers. Prescott came to Baker Hughes 1998 in the Baker Oil Tools division where he supported field operations for the Eastern United States. After shared services were formed, Prescott went to work in Desktop Support where he was the on-site coordinator at Baker Oil Tools at Navigation Boulevard and Baker Petrolite in Sugar Land. Prescott transferred to the Windows 2000 Migration Project where he was part of the team that designed and implemented the global transition to windows 2000, Active Directory and developed many of the current IT standards. Prescott has also worked on several other small and large-scale projects at Baker Hughes during his career. At the conclusion of the Windows 2000 Migration Project, Prescott transitioned into what is now the IT Tools Team. As a member of the IT Tools Team Prescott was responsible for virus incident management and security related software including the McAfee ePolicy Orchestrator. His responsibilities also included supporting and designing the McAfee products infrastructure. As a result, the IT Tools Team has greatly reduced the number of virus outbreaks ensuring that the corporate network is operational and secure. For the past five years, Prescott has focused almost exclusively on IT Security, Risk Management and Incident Response. In addition to Prescott’s background in IT he is also an accomplished photographer having recently been published in several newspapers, magazines and a travel guide for San Antonio, TX. Prescott’s lovely wife Alex is a practicing attorney and a Registered Nurse in the Houston area and they have two wonderful boys, Nicolaus and Zachary. Nico is named for Nicolaus Copernicus while Zach is named for Zakk Wylde, where one was an innovator in science and changing how we view our place in the universe, the other is known for his awesome and innovative work with the electric guitar and changing the style of play for heavy metal the world over. Prescott attended Houston Community College and the University of Arizona in Tucson. Prescott has held several IT related certifications over the years now has a SANS affiliated GIAC Gold Security Essentials Certification (GSEC).
Related to Defense in Depth
Related ebooks
Landscape of Cybersecurity Threats and Forensic Inquiry Rating: 0 out of 5 stars0 ratingsCyber Security and Policy: A substantive dialogue Rating: 0 out of 5 stars0 ratingsSecuring Critical Infrastructures Rating: 0 out of 5 stars0 ratingsThe Five Anchors of Cyber Resilience: Why some enterprises are hacked into bankruptcy, while others easily bounce back Rating: 0 out of 5 stars0 ratingsCybersecurity and Infrastructure Protection Rating: 0 out of 5 stars0 ratingsCybersecurity in Our Digital Lives Rating: 5 out of 5 stars5/5The Language of Cybersecurity Rating: 5 out of 5 stars5/5The Cybersecurity Maturity Model Certification (CMMC) – A pocket guide Rating: 0 out of 5 stars0 ratingsIntroduction to US Cybersecurity Careers Rating: 3 out of 5 stars3/5Cyber-Physical Attacks: A Growing Invisible Threat Rating: 4 out of 5 stars4/5Computer Incident Response and Forensics Team Management: Conducting a Successful Incident Response Rating: 4 out of 5 stars4/5The Cybersecurity Mindset: Cultivating a Culture of Vigilance Rating: 0 out of 5 stars0 ratingsProtecting Our Future, Volume 1: Educating a Cybersecurity Workforce Rating: 0 out of 5 stars0 ratingsManaging Cybersecurity Risk: Cases Studies and Solutions Rating: 5 out of 5 stars5/5Targeted Cyber Attacks: Multi-staged Attacks Driven by Exploits and Malware Rating: 5 out of 5 stars5/5Designing and Building Security Operations Center Rating: 3 out of 5 stars3/5IT Governance Critical Issues Series: Cyber Security Rating: 0 out of 5 stars0 ratingsTechno Security's Guide to Securing SCADA: A Comprehensive Handbook On Protecting The Critical Infrastructure Rating: 0 out of 5 stars0 ratingsIT Security Concepts Rating: 5 out of 5 stars5/5The Ransomware Threat Landscape: Prepare for, recognise and survive ransomware attacks Rating: 0 out of 5 stars0 ratingsHow to Defeat Advanced Malware: New Tools for Protection and Forensics Rating: 0 out of 5 stars0 ratingsBuilding a Practical Information Security Program Rating: 5 out of 5 stars5/5Managing Cybersecurity Risk: How Directors and Corporate Officers Can Protect their Businesses Rating: 5 out of 5 stars5/5Trends In Cybersecurity: The Insider To Insider Risks Rating: 0 out of 5 stars0 ratingsCyber Breach Response That Actually Works: Organizational Approach to Managing Residual Risk Rating: 0 out of 5 stars0 ratingsUse of Cyber Threat Intelligence in Security Operation Center Rating: 0 out of 5 stars0 ratingsSecurity Technology Convergence Insights Rating: 0 out of 5 stars0 ratings
Enterprise Applications For You
Scrivener For Dummies Rating: 4 out of 5 stars4/5QuickBooks 2023 All-in-One For Dummies Rating: 0 out of 5 stars0 ratingsExcel : The Ultimate Comprehensive Step-By-Step Guide to the Basics of Excel Programming: 1 Rating: 5 out of 5 stars5/5ChatGPT Ultimate User Guide - How to Make Money Online Faster and More Precise Using AI Technology Rating: 0 out of 5 stars0 ratingsCreating Online Courses with ChatGPT | A Step-by-Step Guide with Prompt Templates Rating: 4 out of 5 stars4/5Bitcoin For Dummies Rating: 4 out of 5 stars4/5Systems Thinking: Managing Chaos and Complexity: A Platform for Designing Business Architecture Rating: 4 out of 5 stars4/5SharePoint 2016 For Dummies Rating: 5 out of 5 stars5/550 Useful Excel Functions: Excel Essentials, #3 Rating: 5 out of 5 stars5/5Excel 2019 For Dummies Rating: 3 out of 5 stars3/5Excel Formulas and Functions 2020: Excel Academy, #1 Rating: 4 out of 5 stars4/5Enterprise AI For Dummies Rating: 3 out of 5 stars3/5Using Word 2019: The Step-by-step Guide to Using Microsoft Word 2019 Rating: 0 out of 5 stars0 ratingsQuickBooks Online For Dummies Rating: 0 out of 5 stars0 ratingsQuickBooks 2021 For Dummies Rating: 0 out of 5 stars0 ratingsNotion for Beginners: Notion for Work, Play, and Productivity Rating: 4 out of 5 stars4/5Managing Humans: Biting and Humorous Tales of a Software Engineering Manager Rating: 4 out of 5 stars4/5Experts' Guide to OneNote Rating: 5 out of 5 stars5/5Agile Project Management: Scrum for Beginners Rating: 4 out of 5 stars4/5Learn Windows PowerShell in a Month of Lunches Rating: 0 out of 5 stars0 ratingsExcel 2016 For Dummies Rating: 4 out of 5 stars4/5Learning Python Rating: 5 out of 5 stars5/5Mastering QuickBooks 2020: The ultimate guide to bookkeeping and QuickBooks Online Rating: 0 out of 5 stars0 ratingsThe New Email Revolution: Save Time, Make Money, and Write Emails People Actually Want to Read! Rating: 5 out of 5 stars5/5Excel Tips and Tricks Rating: 0 out of 5 stars0 ratings
Reviews for Defense in Depth
1 rating0 reviews