Understanding why more data breaches are occurring requires us to first look at our underlying infrastructure. A secure architecture can be considered defensible.
Our discussion will examine the network that serves as the foundation for all other security efforts. Some will argue against and to illustrate my point, let me ask a question. If your organization’s network was not accessible, could your company achieve its operational goals? We’ve become so dependent on them that even short outages can be highly problematic.
No organization has an unlimited budget, energy, time, ability, or capacity needed to secure every part of its network infrastructure. For this reason, we must identify the critical risks that our organizations must address first. These will serve as the starting point of our information security program.
As our teams work through the critical risks, they will begin to identify our most vital assets. We do this by first identifying our critical assets and then by identifying critical risks associated with those. The network is considered one of the most critical assets and serves as a starting point for most security programs.
In the context of network security, malicious actors view our networks as having the same criticality for their efforts as we do. If they cannot operate within our network environment freely, it is unlikely that they will be unable to achieve their goals. I’ve found then that the network is equally vital for both attacker and defender!