Defensible Security is a collection of control groups you can use to help support your security program. Defensible Security helps organizations know what they need to be doing at a minimum to achieve a security posture that is defensible.
Security Prerequisites
Security Directives
Security Respiratory Controls
Security Embedding (DNA) Control
Organizations will be judged not only on their ability to prevent attacks, but also to detect and respond to them. It is more critical than ever to have a well-established information security program that guides investment of finite resources and helps ensure risk is mitigated to an acceptable level. The role of security is to help the business to make informed decisions around risk. Security is not an IT problem but a business enterprise risk. Through effectively managing risk, security enables the business to achieve its goals.
To assist organizations in understanding where to invest these finite resources, the Province of British Columbia has defined a list of critical security controls in the Defensible Security Framework. The Province is committed to “raising the water level” of security in BC and across Canada.
Provides a high-level overview on the control areas. Use this manual as a reference for each control group and it's corresponding control areas.
Provides a quick and easy way for organizations to assess their security posture and view changes over time. It can also be used for executive reporting.