Following the Wh1t3 Rabbit - Practical Enterprise Security

Enterprise Security organizations often find themselves caught between the ever-changing needs of the agile business and the ever-present, ever-evolving threats to that business. At the same time, all too often we security professionals get caught up in “shiny object syndrome”, which leads us to spend poorly, allocate resources unwisely, and generally de-couple from the organization we’re chartered to defend. Knowing how to defend begins with knowing what you’ll be defending, why it is worth defending, and who you’ll be defending from… and therein lies the trick. This blog takes the issue of enterprise security head-on, challenging outdated thinking and bringing a pragmatic, business-aligned, beyond-the-tools perspective … so follow the Wh1t3 Rabbit and remember that tools alone don’t solve problems; strategic thinkers are the key.

Rafal (Principal, Strategic Security Services)

Deconstructing 'Defensible' - Understand What You're Defending

As we deconstruct 'defensible' further we dive into 'understanding what you're defending'. Altogether too many CISOs and their organizations plunge head-long into defending without having a solid idea of the assets that they're charged with protecting - and the end result isn't pretty...

Deconstructing 'Defensible' - When Your Defenses Become Weaknesses

In this third post in the “Deconstructing Defensible” series I build upon my first post, in which I cover why defensible is not necessarily the same thing as secure, and how there are more assets to defend than you have resources. Today’s post focuses on how, unfortunately in a large number of enterprises, the security resources can become weaknesses.

Deconstructing 'Defensible' - Too many assets, not enough resources

Continuing with part 2 of "Deconstructing Defensible", this blog post is dedicated to those who attempt to secure the entirety of their enterprise assets with security widgets, and are struggling. One of the fundamental laws of the new way of thinking is that you can't defend everything equally, or you'll fail at defense completely...

Deconstructing Defensible - Defensible is not the Same as Secure

If you tell your CEO or board that there is no amount of money or resources that will make your enterprise secure, and that instead you want to work towards making your enterprise defensible, you may be in for a strange conversation. This is a critical conversation to have, and a critical concept to understand - 'defensible' is not the same as 'secure'...

The Castle Has No Walls - Introducing Defensibility as an Enterprise Security Goal

What's the difference between secure and defensible?

It becomes more clear when we revisit the old, tired analogy of the castle model of security. Tough outer defenses meant to keep the 'bad guys' out, but once you're inside you've got full access to everything as if you belong. This thinking just doesn't work in today's modern enterprise... Let's talk about why and what we should be doing about it.

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation