Lessons Learned

The layers of controls were just described from the inside out. However, when reacting to Internet threats it is natural to emphasize the outer layer of network controls. With threats escalating and the market for technical solutions expanding, the result can be a hard, crunchy shell around a soft center. This may seem analogous to the fortress castle with the strongest protection at the perimeter, but the reality of the Internet is that some threat communities have substantial resources, resulting in frequent attacks leveraging high capabilities; some will get through the perimeter. It is paramount to have effective security controls for all system layers.

The requirement to use complex passwords has been the best practice for many years. Unfortunately, the goal has been difficult to achieve, because it relies on users to remember multiple passwords that may not be particularly memorable. One of the fundamental control improvements made in response to the increased capabilities of threat communities is the implementation of two-factor authentication.

Copyright © 2019 Christopher T. Carlson

Excerpt from How to Manage Cybersecurity Risk – A Security Leader’s Roadmap with Open FAIR
