Defensible Security


Cybersecurity has never been as imperative as it is today.  Most organizations have failed to invest at a rate that has sustained previously achieved capability levels.  Others have never reached a level of security maturity adequate to mitigate risks to an acceptable level.  Organizations must target a level at or above risk-based security.  It is critical to ensure hygiene and compliance level controls are in effect.  Public sector organizations have a responsibility to apply appropriate safeguards and maintain a defensible level of security.

DefSec Logo

What is Defensible Security?

  • Doing the basics stops 80% of the problems.
  • No organization globally is immune to attack.
  • Organizations must be able to prevent the majority of attacks, detect the majority, and respond to the majority.
  • Many organizations by now are aware they need to do something around security given the sharp increase in attacks and sophistication.
  • Defensible Security helps organizations know what they need to be doing at a minimum to achieve security posture that is defensible.
  • It also helps them understand how to do it in a very iterative, pragmatic way.

Defensible Security Triage model that breaks it down into Security Embedding Controls, Security Prerequisites, Security Respiratory Controls, and Security Directives

Defensible Security Tools and Resources

Defensible Security Control Groups