From the AVP - Information Security Warfare
Make no mistake, we are in a war. To succeed, you must know your enemy as well as your own strengths and weaknesses. The following are six issues of which we must be aware to protect information and information systems.
If you know the enemy and know yourself,
you need not fear the result of a hundred battles.
If you know yourself but not the enemy,
for every victory gained you will also suffer a defeat.
If you know neither the enemy nor yourself,
you will succumb in every battle.
– Sun Tzu, The Art of War, Chapter 3, Verse 18
- Know Your Enemy - To truly know the threats and risks, you must consider and understand both external and internal threats/risks.
- Understand External Enemies - 300+ million on the internet and the number is growing. The external threat includes individual attackers manually probing and penetrating your networks, as well as highly automated attacks such as worm programs.
- Defend Against Internal Enemies - Reality, concentrating on the perimeter only builds a false sense of security while leaving your internal assets vulnerable to attack and misuse by those who can hurt you most: evil insiders. Hard on the outside and soft on the inside, sound like a famous candy.
- Know Yourself - Know your environment and know those around you and lastly, know your strengths and weaknesses.
- Be Aware of Regulations and Consequences - Know the laws and regulations that govern your environment. Ignorance is no excuse.
- Protect Yourself - Policies, standards and processes together are your best protection.
|
|
|
