iTnews

Tactics, strategy and the CSO

By Mary Ann on Oct 21, 2005 3:55PM
Tactics, strategy and the CSO

As a security professional, I spend time researching the latest issues, threats and hacking techniques. For pleasure, however, I read mostly military history – which, in turn, impacts my view of information security.

He who defends everything defends nothing

To best apply limited resources to maximize defense success, carefully select your turf. One of our security teams questioned my sanity when I asked how the U.S. Marines took Guadalcanal in the Pacific in 1942/43. The strategy: hold the airstrip; hold the island. The airstrip was strategic, because the U.S. could mount an air defense from it, making the field a virtual aircraft carrier. The team understood the relevance to our product strategy.

Risk management must mean moving beyond simply identifying and defending the most important assets to including an analysis of the strategic points of the network that enable beachheads by attackers or a dominant position by defenders.

Intelligence has value only if you act upon it

The Battle of Midway in June 1942 was arguably the turning point of the Pacific War. The victory hinged in part on U.S. intelligence, gleaned by breaking the JN25 naval cipher that the Japanese planned to attack Midway. Admiral Nimitz, the U.S. commander, sent two carrier task forces to Midway to ambush the Japanese Navy (never assume ciphers cannot be broken.)

Security professionals have many ways to know the landscape of their networks, their state of readiness and the types of probes attempted.

But some organizations neither use the intelligence they have nor act upon it – they turn off auditing, fail to review logs, or ignore alarms generated by IDSs.

The importance of interior defensive perimeters

One security truism is the disappearance of the perimeter.

During the 1879 defense of Rorke's Drift in South Africa, 150-odd British soldiers held off 4,000 Zulus by defending the inherently indefensible – they created both a defensive perimeter and makeshift interior barricades from grain sacks and biscuit boxes. Security professionals can learn from this example. A large defensive perimeter is not defensible if it is breached – the rest of the network is wide open.

Today, administrators segment networks with interior firewalls. Tomorrow, the network might be able to create dynamic redoubts.

A final lesson of military history lies within the power of individuals. Strategies are set by admirals and generals, but battles are won by individual tactical decisions and initiative. Every employee has a responsibility to make IT security a priority.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
and cso security strategy tactics the

Partner Content

Beat the DDoS blackmails in 2021
Partner Content Beat the DDoS blackmails in 2021
Why companies fail at picking cloud modernisation partners
Partner Content Why companies fail at picking cloud modernisation partners
Shut the door on ransomware
Partner Content Shut the door on ransomware
MSI shows first laptops with Wi-Fi 6E, Nvidia RTX 30 graphics
Partner Content MSI shows first laptops with Wi-Fi 6E, Nvidia RTX 30 graphics

Sponsored Whitepapers

Five questions to ask before you upgrade to a SIEM solution
Five questions to ask before you upgrade to a SIEM solution
Effectively addressing advanced threats
Effectively addressing advanced threats
The risky business of open source
The risky business of open source
Ensure your e-signatures are legally binding
Ensure your e-signatures are legally binding
Mitigating open source risk in your organisation
Mitigating open source risk in your organisation

Events

  • On-Demand Webinar: How Poly and Microsoft are Embracing Future Work Environments
  • Beat the DDoS blackmailers in 2021
By Mary Ann
Oct 21 2005
3:55PM
0 Comments

Related Articles

  • NSW govt warned its cyber resilience needs "urgent attention"
  • Govt agencies face annual cyber security audits for next five years
  • Govt's public sector data sharing bill enters parliament
  • WA registry system flaws force auditor to delay findings by 18 months
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

Telstra blasts plan to 'set aside' mobile spectrum for Optus and TPG, but not it

Telstra blasts plan to 'set aside' mobile spectrum for Optus and TPG, but not it

Trump pardons former Google self-driving car engineer

Trump pardons former Google self-driving car engineer

Defence switches on initial SAP ERP system capability

Defence switches on initial SAP ERP system capability

Australia Post is building a digital twin of its delivery network

Australia Post is building a digital twin of its delivery network

You must be a registered member of iTnews to post a comment.
Log In | Register
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.