What is Defensible Security?
- Doing the basics stops 80% of the problems.
- No organization globally is immune to attack.
- Organizations must be able to prevent the majority of attacks, detect the majority, and respond to the majority.
- Many organizations are by now aware that they need to do something about security, given the sharp increase in attacks and in their sophistication.
- Defensible Security helps organizations know what they need to be doing at a minimum to achieve a security posture that is defensible.
- It also helps them understand how to do it in a very iterative, pragmatic way.
Why is it needed?
Cybersecurity has never been as imperative as it is today. Most organizations have failed to invest at a rate that has sustained previously achieved capability levels. Others have never reached a level of security maturity adequate to mitigate risks to an acceptable level. Organizations must target a level at or above risk-based security. It is critical to ensure hygiene- and compliance-level controls are in effect. Public sector organizations have a responsibility to apply appropriate safeguards and maintain a defensible level of security.
What are the next steps?
Review the following documents:
- Policies and Practices Checklist
- Pre-requisites for Success
- Hygiene Level Controls Framework