Description

The art of war is of vital importance to the state. It is a matter of life or death. Hence, it is a subject which can on no account be neglected.--Sun Tzu

Why are we calling this war? It's because the conflict in cyberspace is a matter of national concern, and we are, most assuredly, losing the current struggle. So, what do we do? The person who best understands war is a 2,300-year-old Chinese general who saw conflict as more about process and strategy than fighting. Which, in essence, is the holistic concept.

Hence, this book is founded on two principles. First, cybersecurity is a state, not a technical solution. Accordingly, people and organizations must take active steps to both design and sustain a consistently secure operational process. Second, it's given that you have not attained the desired state if you have failed to deploy all of the controls necessary to achieve it.

The catch-all term for such an approach is "holistic." A holistic control architecture is the only way to achieve adequate protection. Therefore, holistic cyber defenses embody a single, unified system of electronic, behavioral, and physical controls that enforce continuous security across all common attack surfaces.

Why does the solution need to be holistic? It is because the cybersecurity function is responsible for securing three distinct and disparate types of attacks - electronic, human, and physical. And just as in war, the adversary doesn't care which attack surface they breach. They only want your stuff, and they will do whatever it takes to get it. In that respect, then, the only practical approach to cybersecurity is to create an integrated, appropriately tailored defense against any viable threat... electronic, human, or physical.

This book describes the lifecycle process for conceptualizing, implementing, and maintaining a holistic control solution. It centers on a well-defined process for planning, building, and ensuring comprehensive, in-depth cyber defense. In that respect, then, we will demonstrate why holistic security is the only way for an organization to identify and address all valid threats to its digital resources.