The New Cyber-Security Disease: Technology Over-Reliance

January 2016

Cyber security is a controversial field. Control frameworks, standards and good practice guidance; all point to similar matters from a perspective and describe sets of security controls, requirements, architectures or specifications. Regardless of the variety and wealth of material, they all sit on only a few key pillars;
  • know your information systems (asset management), 
  • manage access to them (access control),
  • prevent unauthorized disclosure (encryption, boundary defense, malware defense, secure design, etc.),
  • be prepared and informed if something goes wrong (testing, monitoring, threat intelligence, incident response, etc.).
Technology promise very much about delivering these capabilities with tons of fancy products out there. It is usually impressive and entertaining to inspect them in industry events, vendor demonstrations or proof of concept works. Nevertheless, integrating and running them within the existing IT landscape is often overlooked from the beginning.