Idea Explorer: Security
In his blog, Brad Jarvis identifies six of the approaches to maintaining effective security. These approaches are not IT-centric, but rather are for personal and civic security. They are:
Offense
Defense
Containment
Alliance
Assimilation and
Retreat.
Specific descriptions may be found at this link: Idea Explorer: Security.
I tend to look for "universal truths" as often as I can. In this pursuit, I looked at Bradley's list and attempted to put it towards IT (Information Technology) security. Truly, all of these approaches may be seen, even "alliance" and "assimilation", in the IT world. While I was going to spend some time expounding upon the parallels, I became enamored with one in particular: offense.
Offense, as Bradley identifies it, involves "attacking (destroying) someone perceived as a threat".
I have worked in numerous computing cultures, from WFO (Wide Friggin Open) to military and financial uber-controlled. I currently work in an environment that has a medium-high level of control; a rather restrictive working environment. This is defined (by me) as restrictive web browsing, to the point that webmail is blocked, and entertainment sites (NFL.com) and even most news sites (cnn.com) are blocked or heavily restricted.
Similarly, I have worked where companies allow employees who use corporate laptops to install personal software and otherwise use it for personal use so long as the basic security posture (antivirus, firewall, file integrity, anti-spyware) is maintained at all times. Some of these companies back this policy up by implementing NAC (Network Access Control) to ensure that laptops re-entering the enterprise (after a trip home) are still secure.
Other institutions prohibit any personal use of the laptop. I'm not going to discuss the pros and cons of each argument, rather I'm going to discuss this in light of Bradley Jarvis' "Offensive" security approach.
In this case, restrictive environments seem to take the stance that "attacking someone perceived as a threat" means attacking the end user by saddling them up with procedures and prohibitions to keep them from inadvertently infecting the corporate network, and to keep them from allowing a data leaks. We prohibit personal emails, attachments, and we sometimes disable wifi capability and even prohibit the interface from acquiring a new address (for example, to be used at home).
Why has it come down to viewing our own employees and coworkers as the greatest threats to our corporate security?
Because they have always been such, whether we've known it or not.
Offense
Defense
Containment
Alliance
Assimilation and
Retreat.
Specific descriptions may be found at this link: Idea Explorer: Security.
I tend to look for "universal truths" as often as I can. In this pursuit, I looked at Bradley's list and attempted to put it towards IT (Information Technology) security. Truly, all of these approaches may be seen, even "alliance" and "assimilation", in the IT world. While I was going to spend some time expounding upon the parallels, I became enamored with one in particular: offense.
Offense, as Bradley identifies it, involves "attacking (destroying) someone perceived as a threat".
I have worked in numerous computing cultures, from WFO (Wide Friggin Open) to military and financial uber-controlled. I currently work in an environment that has a medium-high level of control; a rather restrictive working environment. This is defined (by me) as restrictive web browsing, to the point that webmail is blocked, and entertainment sites (NFL.com) and even most news sites (cnn.com) are blocked or heavily restricted.
Similarly, I have worked where companies allow employees who use corporate laptops to install personal software and otherwise use it for personal use so long as the basic security posture (antivirus, firewall, file integrity, anti-spyware) is maintained at all times. Some of these companies back this policy up by implementing NAC (Network Access Control) to ensure that laptops re-entering the enterprise (after a trip home) are still secure.
Other institutions prohibit any personal use of the laptop. I'm not going to discuss the pros and cons of each argument, rather I'm going to discuss this in light of Bradley Jarvis' "Offensive" security approach.
In this case, restrictive environments seem to take the stance that "attacking someone perceived as a threat" means attacking the end user by saddling them up with procedures and prohibitions to keep them from inadvertently infecting the corporate network, and to keep them from allowing a data leaks. We prohibit personal emails, attachments, and we sometimes disable wifi capability and even prohibit the interface from acquiring a new address (for example, to be used at home).
Why has it come down to viewing our own employees and coworkers as the greatest threats to our corporate security?
Because they have always been such, whether we've known it or not.
Comments