WebApp Sec mailing list archives
Re: [WEB SECURITY] The Möbius Defense, the end of Defense in Depth
From: Pete Herzog <lists () isecom org>
Date: Thu, 09 Jul 2009 14:45:38 +0200
Walt,

One question - if the definition has shifted - why hasn't anyone updated any of the definitions in all the books, courses, and websites?
It's a failure on our part to change the definition in practice and still refer to it academically as something else (layered security, multiple layers, etc.). So maybe it has changed with the times but whether you go with the military or the common definitions of all the print and on-line resources, your new definition doesn't fit to the old. It's time we start letting the others know that the old one no longer applies. That's one thing we did in the presentation. But again, that's just one part of the Möbius Defense. There are more improvements based on current research that we also added.
Sincerely, -pete.
Pete, I think what you will find as you take your presentation into the information security community is that when most of us speak or work to implement DiD, we are doing what you call the Möbius defense. You are working with the military definition, but in the business world the definition of DiD has shifted. To myself and those colleagues that I've discussed your ideas and presentations with, DiD=Möbius. Thanks!