Building a Security Program Using a First Principles Mindset
First Principle: Any axiom, law, or abstraction assumed and regarded as representing the highest possible degree of generalization.
Material issue: Major impact on the financial, economic, reputational, and legal aspects of a company, as well as on the system of internal and external stakeholders of that company.
The CSO Perspectives podcast and weekly column, hosted by Rick Howard, discusses the concept of building an enterprise's security program with a first principles mindset. He lays out the concept by layering the principles as building blocks in a wall, with number 1 as the base or cornerstone.
Reduce the probability of material impact to my organization due to a cyber event.
Intrusion Kill Chain (Disrupt the kill chain)
Is there anything missing that should be included?