Information Security is proving to be a static concept in the way it is being implemented even when considering the reality of adopting 'preventative security' and 'proactive security'. Both these approaches require integrated approaches that incorporate the human and physical security elements as much as IT security to provide 'security of information' against the converged nature of the cyber threat landscape. In most cases these represent relatively passive defence postures.
A proactive approach recognizes that a reactive posture can still lead to significant impact, and therefore active preparation is a cornerstone of security, requiring a program of awareness and preparedness-building. Unfortunately there is still little evidence of widespread awareness and appropriate preparedness.
While many firms are investing in IT security technology, breeches still occur, and organisations are still vulnerable to older threats in the hands of increasingly talented and advanced attackers. In the meantime, firms continue to experience unsustainable losses, cyber threats are now broader and more dangerous, and have proved that established ‘security’ concepts are insufficient in the face of advanced and well-funded attackers.
The shift to cyber ‘defence’ away from static 'security' concepts represents a search for a more dynamic concept of ‘defence'. Optimal Risk advocates advanced cyber defence concepts through a fusion of pro-active security and pre-emptive defence concepts, to create a pre-active defence strategy.
While pre-emptive defence is built on the assumption that active measures will anticipate current threats and are prepared to repel attacks, based on relevant threat intelligence, preparation and testing of response measures, and a ‘developed’ detection>response doctrine:
Pre-active Cyber Defence is built on the assumption that effective defence requires a pre-prepared, active plan to deter, ‘counter-act’, or engage threats as part of an active cyber defence doctrine.
Optimal Risk’s Advanced Cyber Defence services provide a full-lifecycle support for defence planning incorporating enhanced red team and blue team capabilities, to provide clients with an agile & effective response to attack, through scenario-based preparation for incident response; and the preparation of active defence measures by establishing conditions that will allow the employment of active methods, deployment of counter-measures, and an enhanced response capability:
For a discrete discussion, and presentation of the full advanced cyber defence concept please contact us at email@example.com