Section 2: Defensible Organizations
Part 2 discusses the nebulous topic of "security culture" and "defensible organizations." I approach security culture from the viewpoint of a number of key security concepts: chaos, constraints, defensibility, exaptation, strategy, and tactics, and illustrate how these play a role in security culture. I then move on to lay out the basic concepts of defensible architecture and defensible operations. By "defensible" in this context, I mean that these are capable of surviving a modern cyber attack. I then move on to discuss how we can test these notions through gamification and wargaming.
This part of the book comprises the following chapters: