During my recent presentation “Defence in Depth & Best/Good Practices” at the Foursys security conferences, I spoke about how we need to start thinking like Threat Actors, excluding Intelligence Services. Because this is a business to threat actors, they want maximum profit for the least amount of expenditure or effort, so if we can increase their cost of compromising our organisations, we also increase the likelihood of them switching to a softer target.
Senior Security Architect at Foursys, Jonathan Smith, CISSP, takes a deep dive into organisations considering permitting access to online social networks. These websites not only implement HTTPS as standard, but can also increase the level of risk to an organisation.
Defence in depth: Firewall, IPS, or UTM and multi-vendor anti-virus solutions; a strategy that most are more than familiar with.
However, do you consider your “PEOPLE”, aka your “Staff”, to be part of your defence in depth strategy?
I believe we should! I believe as security professionals we need to inform and advise the decision makers to understand the value of security awareness training as part of the overall business security strategy.