Survivability and Legal Defensibility
Traditionally, the information security industry has naively suggested that it is possible to protect against all potential threats and vulnerabilities. If you spend enough time and effort, the industry tells us, your information will be safe.
We believe this zero-sum mentality is outdated. Our focus has shifted to survivability, where we view all environments as dynamic and in need of constantly evolving analysis and protective measures. Defending against attacks is important, but so is monitoring, detecting, and responding to those attacks in order to minimize their impact.
Related to survivability is the concept of legal defensibility – the confidence to be able to declare in legal proceedings (which are unfortunately expected after a breach or successful attack) that you did all that was reasonable in order to protect your systems.
Our Information Protection Program helps organizations look beyond compliance and toward a longer-term view that acknowledges that determined attackers will inevitably succeed. The program not only includes assessment to find weaknesses and shore them up, but also helps plan for the aftermath to reduce the overall negative impact of an incident.