Could you continue to operate under cyberattack?

[InfoSec News <alerts () infosecnews org>]

http://gcn.com/articles/2012/02/27/cybereye-operating-while-under-attack.aspx

By William Jackson
GCN.com
Feb 24, 2012

I try to be cautious with my use of the term “cyber war.” It is used 
much too often to describe any type of unpleasant online activity, and 
its misuse confuses our thinking about the very real threats of military 
engagement in cyberspace. But there is at least one area in which the 
military model of operation can be a useful model in cybersecurity.

In an IT environment where compromise is becoming inevitable, the 
concept of mitigating damage while operating in a degraded environment 
is becoming increasingly applicable.

An army does its best to protect itself from attack, but military 
leaders understand that when battle comes they will suffer losses and 
will be fighting under less-than-optimal conditions, often in situations 
not of their choosing. An army that cannot continue to operate under 
those conditions will likely lose the battle.

IT security traditionally has focused on defense, originally copying the 
military concept of a secure perimeter and defense in depth with 
multiple lines of protection. This concept has become less practical 
with the blurring or elimination of a recognizable perimeter in the 
enterprise. Attention has shifted to the security of individual 
components or functions of the enterprise, such as data, communications 
and access. But the stance still is defensive, and response is almost an 
afterthought.

[...]

______________________________________________________________________________
CISSP and CEH training with Expanding Security is the fastest, easiest way
to grock the relevant data you need now.   A free class invite is in every
PainPill.  Sign up for the free weekly PainPill.  It's that easy.
http://www.expandingsecurity.com/PainPill