Assumption of Breach

A new way of thinking about security incident prevention and response, called Assumption of Breach, is leading security professionals to think differently about security incidents. Prior to assumption of breach, the popular mindset among security professionals was to prevent security breaches from occurring. With assumption of breach, security professionals adopt the mindset that one or more breaches have potentially occurred in their organizations, whether those breaches have been discovered or not.

In my opinion, this is a more realistic philosophy than prior ways of thinking. Adversaries wield advanced tools and techniques, and are often able to compromise networks with even advanced defenses. Assumption of breach also requires humility on the part of security managers and executives, who might otherwise believe that their networks are impenetrable.

– excerpt from CISSP Guide to Security Essentials, 2nd edition

For more information on the topic of Assumption of Breach:

http://armatum.com/blog/2012/who-coined-assumption-of-breach/

http://searchsecurity.techtarget.com/tip/Assumption-of-breach-How-a-new-mindset-can-help-protect-critical-data (free registration required)

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s