tmekelburg1
Contributor II

Building a Security Program using a First Principles Mind Set

First Principle: Any axiom, law, or abstraction assumed and regarded as representing the highest possible degree of generalization.

 

Material issue: Major impact on the financial, economic, reputational, and legal aspects of a company, as well as on the system of internal and external stakeholders of that company.

 

The CSO Perspectives podcast and weekly column, hosted by Rick Howard, discusses the concept of building an enterprise's security program with a first principles mind set. He lays out the concept by layering the Principles as building blocks in a wall, with number 1 as the base or cornerstone.

 

  1. Reduce the probability of material impact to my organization due to a cyber event. 
  2. Zero Trust
  3. Intrusion Kill Chain (Disrupt the kill chain)
  4. Resilience
  5. DevSecOps
  6. Risk Assessment
  7. Intelligence Operations

Is there anything missing that should be included?

Further thoughts for discussion?

2 Replies
rslade
Influencer I

Re: Building a Security Program using a First Principles Mind Set

> tmekelburg1 (Contributor II) posted a new topic in Governance, Risk, Compliance

> Further thoughts for discussion?

Come back when you've built a computer that implements both Bell-LaPadula and
Biba.

====================== (quote inserted randomly by Pegasus Mailer)
rslade@gmail.com rmslade@outlook.com rslade@computercrime.org
Watch me disappear! [CLICK] - Ryan's version of the `Treasure' Cat
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
tmekelburg1
Contributor II

Re: Building a Security Program using a First Principles Mind Set


> @rslade wrote:

> Come back when you've built a computer that implements both Bell-LaPadula and
> Biba.

Going to chalk Access Control in with block 2, Zero Trust, and ignore the cranky / snarky tone of your post.