Defensible Security


What is Defensible Security?

  • Doing the basics stops 80% of the problems.
  • No organization globally is immune to attack.
  • Organizations must be able to prevent the majority of attacks, detect the majority, and respond to the majority.
  • Many organizations are now aware that they need to act on security, given the sharp increase in attacks and their sophistication.
  • Defensible Security helps organizations know what they need to be doing at a minimum to achieve a security posture that is defensible.
  • It also helps them understand how to do it in an iterative, pragmatic way.

Why is it needed?

Cybersecurity has never been as imperative as it is today. Most organizations have failed to invest at a rate that sustains previously achieved capability levels. Others have never reached a level of security maturity adequate to mitigate risks to an acceptable level. Organizations must target a level at or above risk-based security. It is critical to ensure hygiene- and compliance-level controls are in effect. Public sector organizations have a responsibility to apply appropriate safeguards and maintain a defensible level of security.

[Figure: Defensible Security pyramid]

What are the next steps?

Review the following documents:

Defensible Security for Public Sector Organizations (PDF)

  • Policies and Practices Checklist
  • Pre-requisites for Success
  • Definitions

Hygiene Level Controls Framework

Defensible Security Control Area Templates and Policies

Additional information: