SecureByDesign-Playbook
Defence Options
Now you have a prioritised list of vulnerabilities, you can consider options for defending them.
Defences coarsely, consist of ‘protect’, ‘detect’ and ‘respond’ that correspond to the NIST CSF’s sections:
- Protect: Prevent adversaries from accessing your assets
- Detect: Monitor systems to tell when adversaries have penetrated into the system
- Respond: Eject adversaries, restore bricked or tricked systems, mitigate against nicked data.
We can then use the asset layout over the network to show us where these protections should be applied.
Protection measures are called ‘controls’ (because they ‘control risk’). We typically break them down into:
- Physical Controls: fences, walls, locked doors, swipe-card access
- Technical Controls: password-protected logins, phone authenticators, fingerprint or retinal scanners, firewalls.
- Administration Controls: providing warnings, changing people’s behaviours, checking references for trustworthiness, security clearances,
Some of these may be obvious and some less so. If you have a technical team or advisor, you should definitely be talking to them at this stage to talk about what the options might be, and which are ones more secure, more expensive, more difficult to maintain or administer, and so on.