IDG Contributor Network: Rethinking security – ANITH

IDG Contributor Network: Rethinking security

Two very different publications on “cyber resilience” got me thinking about the definition of “information security”, which I thought I understood. The first is Digital Resilience, a 2018 book by Ray Rothrock. The second publication is NIST SP 800-160, draft v2 (March 2018). In Mr. Rothrock’s book, “resilience” is defined as a business risk to be dealt with using a holistic systems approach to threats and mitigation. In SP 800-160 v2, resilience is characterized as surviving after an APT has a foothold in your network or systems. We still don’t have immutable definitions of the basic terms in this field! Security practitioners are like the five blind men describing an elephant. No wonder there is a communication gap with business leaders. So, in this post, I decided to offer my own description of “security”, with some best practice implementation ideas. It is a rethinking rather than reinventing.

Anith Gopal