Tuesday, November 15, 2011

The Three Flavors of Security


A boss once told me, “In a ham and egg breakfast, the chicken is involved, but the pig’s committed.”
With security, there are three separate groups with fundamentally different views on how to provide it. Two are involved; one’s committed.
We can learn a lot by considering how each views security, and how integrating all three approaches, rather than focusing on a single one, provides better security.
Engineering
First, there are the builders: the engineers, designers, coders, testers, and integrators. They approach security as something you build. They expect the attacker to know everything about the system minus some minimal authentication information. They fix code, secure configurations, and repeatedly test to make sure everything is perfectly secured. They are involved.
Intel/Counter-Intel
They are the sensors and they see security as a sensor: to secure something, hide it. Intel documents all the places where people didn’t hide things and were consequently compromised. Counter-intel therefore believes nothing can be perfectly secured, so it is best to do everything in your power to prevent the attacker from gaining information. The engineers abhor this approach as “security through obscurity.” Intel and counter-intel are involved.
Operations
They are committed. Operations receives the output of engineering, intel, and counter-intel and has to make it work. Security is not their job; it allows their job to happen. As such, they are likely to ignore any security that impedes operations. They know their systems are imperfect. They know they can’t prevent information from getting out there. Instead, they strive not to be perfect in either the intel or engineering way, but simply to be better than the attacker. They solve problems procedurally and will substitute labor for technical solutions (e.g., incident handling instead of an IPS).
Any sound security solution needs to have a little of each. Because operations is committed, all security needs to support them. However, not all problems are solvable procedurally or with human capital. Engineering is required to provide operations with the tools they need, and to build systems that slow down the attacker and fail gracefully when compromised. Intel is needed to provide operations with information to help them orient and act. Counter-intel is needed to help operations slow the loss of information. Only when all areas are working in concert for the common operational goal is security realized.

3 comments:

  1. I wanna thanks to a great extent for providing such informative and qualitative material therefore often. vivint reviews

  2. I really enjoyed reading this Information Security Analytics blog because it explains a complex topic in a way that actually makes sense. The way it connects data analysis with real-world security threats feels practical, not just theoretical, and it helped me understand how patterns and behavior can reveal risks before they turn into big problems. It’s the kind of content that makes you stop and think about how much data is working quietly in the background to keep systems safe. I’ve been diving into similar research for my studies lately, and honestly, finding clear insights like this is just as helpful as getting dissertation help uae when things start to feel overwhelming.

  3. I really enjoyed reading this post on Information Security Analytics—it’s impressive how much goes on behind the scenes to keep data safe, and it makes me realize just how critical these insights are for any organization. The way analytics can spot patterns and potential threats before they become real problems is fascinating, and it feels a bit like training in another discipline where vigilance and awareness are key. It actually reminds me of how disciplined Martial Arts school approach their craft, always analyzing and anticipating every move, which somehow makes the comparison feel surprisingly fitting.
