23 May 2005

A Risk Strategy for Corporate Business Survival - Lesson 2 - Detect

“4D”
A Risk Strategy for Corporate Business Survival
Deter. Detect. Defend. Document.

By Peter L. Higgins

Lesson 2 of a 4 Part Series


The Mission
Detect the use of tools by the attackers. These tools are what they use to assess the vulnerabilities within and throughout the organization. These tools include surveillance, physical attack, information exchange, user commands, scripts or programs, autonomous agents, toolkits, distributed tools or data taps. Some are high tech and most are the craft of social engineers.

The attackers are using a combination of these tools and tactics to exploit corporate vulnerabilities in:

· Design
· Implementation
· Configuration


The Take Away
Just about any significant business disruption can be traced back to the fact that the attacker was able to effectively exploit the organizations defenses using a systematic method and the correct tools. Detection of threats begins by detecting the use of tools. Whether it’s the surveillance of an individual or of a facility. Whether it’s the design of the building or the software code for the E-Commerce system. Whether it’s the implementation of security cameras or the firewall. Whether it’s the configuration of the controls for access to the vault or to the ERP system. You have to continuously detect the use of the attackers tools and their methods to exploit your vulnerabilities.

No comments:

Post a Comment