Principles of cybersecurity operations
In my earlier book, Principles of Cyber Security Operations, I laid out seven principles for effective cyber security defense. In this appendix, I enumerate the principles and give a brief explanation.
The principles are as follows:
- Visibility: Go by what there is, not by what there should be: Look at your own environment like an intruder would. This means discovering and seeing for yourself what there is on your network, using the same tooling (with limitations) that an intruder would use, testing, improving, and testing again.
- Visibility has its limits: Ensure the security team does not have access to everything. Security should have enough access to do its job, and no more.
- Context: Close the Incident Loop: Don't just be content with recovering from an incident. See what you can learn, and, more importantly, what you can improve.
- Share aggressively: Security is teamwork. There is no competitive value in...