Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
tmekelburg1
Community Champion
‎01-18-2021 10:05 AM
‎01-18-2021 10:05 AM

Building a Security Program using a First Principles Mind Set

First Principle: Any axiom, law, or abstraction assumed and regarded as representing the highest possible degree of generalization.

 

Material issue: Major impact on the financial, economic, reputational, and legal aspects of a company, as well as on the system of internal and external stakeholders of that company.

 

CSO Perspectives podcast and weekly column, hosted by Rick Howard, discusses the concept of building an enterprise's security program with a first principles mind set. He lays out the concept by layering the Principles as building blocks in a wall with number 1 as the base or corner stone. 

 

  1. Reduce the probability of material impact to my organization due to a cyber event. 
  2. Zero Trust
  3. Intrusion Kill Chain (Disrupt the kill chain)
  4. Resilience
  5. DevSecOps
  6. Risk Assessment
  7. Intelligence Operations

Is there anything missing that should be included?

Further thoughts for discussion?

Reply
2 Replies
rslade
Influencer II
‎01-18-2021 01:03 PM
‎01-18-2021 01:03 PM

> tmekelburg1 (Contributor II) posted a new topic in Governance, Risk, Compliance

> Further thoughts for discussion?

Come back when you've built a computer that implements both Bell-LaPadula and
Biba.

====================== (quote inserted randomly by Pegasus Mailer)
rslade@gmail.com rmslade@outlook.com rslade@computercrime.org
Watch me disappear! [CLICK] - Ryan's version of the `Treasure' Cat
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
Reply
0 Kudos
tmekelburg1
Community Champion
‎01-18-2021 01:33 PM
‎01-18-2021 01:33 PM

@rslade wrote:

Come back when you've built a computer that implements both Bell-LaPadula and
Biba.

Going to chalk Access Control in with block 2, Zero Trust and ignore the cranky / snarky tone of your post.

Reply
0 Kudos