Assumed Breach

The Assumed Breach Model – A Practical Approach Part 3

In Part 1 of this series I gave a brief overview of  the assumed breach model of security.  In Part 2, I dove into some details about major components to implementing the assumed breach model.  In Part 3, I am going to provide some concise, real world steps to moving toward this mindset within an organization.  I’ll use the same three categories from Part 2. This will be something that… Read More »The Assumed Breach Model – A Practical Approach Part 3

The Assumed Breach Model – A Practical Approach Part 2

In Part 1, I gave a brief overview of the Assumed Breach model.  In this part, I will begin to dive a little deeper into some of the areas where the assumed breach model can focus.  I am going to cover three areas: Network Segmentation Tiered Accounts and Access Control Log Management and Threat Hunting The idea is not to simply prevent attacks (though this is still an integral part… Read More »The Assumed Breach Model – A Practical Approach Part 2

10 Immutable Laws of an Assumed Breach

A few years back Microsoft released a set of 10 Immutable Laws of Security. These are tried and true and should be a foundation of security posture.  I have been developing some information around the Assumed Breach model of security.  You can read about it in a series of blog posts I am going to be publishing after the holidays on that very topic.  In this series, I am going… Read More »10 Immutable Laws of an Assumed Breach

The Assumed Breach Model – A Practical Approach Part 1

This is something I have been socializing for a while now, but I thought it was time to start putting some of thoughts down in writing. So what is the assumed breach model of security? To put it simply, it is a security strategy that assumes any given endpoint is breached and controls risk as such. That is an oversimplification, of course, as taking that approach would be an enormous… Read More »The Assumed Breach Model – A Practical Approach Part 1