Deep Defense System for IT security

There are various kinds of security threats that enterprise IT systems must face and implement security controls to mitigate them. Different threats must be treated with different security countermeasures. Refer to the below diagram, the information assets at the hosts are presumed to be the most important to protect. Internet hackers, internal abuse, mis-operations and other  threats  resources must be taken into considertation when designing a defense-in-depth security system. Host based access control, audit, IDS, firewalls, and the central security management software are what you can make use of.  The challenge is to balance the security investment and the outcome. So you’d better to take a risk assessment to quantify the security risk and corresponding distribution, associated with the assets, line of business and etc.

 

Defense-in-depth

 

4 Responses to Deep Defense System for IT security

  1. Why says:

    + P D C A
    |
    | Know Risk
    | Get Secure
    | Stay Secure
    | Improve Security
    |
    | Defense in Depth
    v / \
    Level Layer
    ————————-
    People Process Technology
    | | |
    +——-+——–+
    CONTROL
    / | \
    Enemy Self Partner
    Threat

    Alert: as soon as possible
    Defense: mitigate threats, ahead of threat
    Monitor: control
    Response: expect the unexpected

    SO, several MATRIX at above …

    Happy Thinking!

  2. Why says:

    格式乱了,凑合看吧。

  3. Richard says:

    PDCA
    DiD
    PPT
    PDR
    P2DR
    PDRR

    hey, btw, brother, you remember the new domain name: zhaol.cn. why not wanghy.cn, wanghy.net, wanghy.org?

  4. Why says:

    其实是 2sec.org,不过这几天服务器正在重新搞,上不去了。
    本来想注册 why.cn 了,被人抢先了。

%d bloggers like this: