Rigidity is Detrimental to your Security Architecture: The Principle of Nimble & Elastic Flexibility
Your security strategy needs to be NIMBLE, ELASTIC and FLEXIBLE or you will not be able to deal with the inevitable security incidents that will arise despite your best-laid plans and designs. No environment stays static over time – and therefore no threat model is a constant model.
Identity Alone May Not Protect You: The Principle of Appropriate Trust
Blind trust in identity is no longer a viable option for today’s world – but that doesn’t mean we can just jettison identity as a core asset – we just need to apply the “appropriate level of trust” to identity, and then apply that level of trust to how we access digital assets.
How to Know When Your Security is Going Stale: The Principle of Mitigation Effectiveness
Any given security mitigation can, and will, eventually become obsolete based on changes in the environment. The question becomes: how can we tell when a mitigation is losing its effectiveness? When is it time to double down on what’s working or divest ourselves of what we no longer need to maintain a secure environment?
Confidence in Your IT Security Shouldn’t Last Forever: The Principle of Imminent Obsolescence
What is Imminent Obsolescence? If you are running a business in today’s world of almost constant technology change, your security mitigations will become less effective over time unless you are watching for Imminent Obsolescence.