Security-In-Depth Using Integrated Risk-Conscious Controls
Today's attacks on IT infrastructure are becoming more frequent, targeted and sophisticated. They range from well-funded, state-sponsored attacks to attacks from trusted employees and consultants. And the targets of the attacks are equally wide-ranging, including national governments, utilities or other power-generating infrastructure, and private business. Yet most organizations seem stuck in the traditional castle-and-moat approach to security. This approach assumes there's a clear boundary between what's inside and outside the organization and that attacks come from external sources. Clearly today's threat environment requires a new approach.