The necessity for several preventive controls will likely become obvious during the risk
assessment and policy development process. This book will list specific technical
countermeasures to all of the attacks we discuss, but what sort of broader proactive
measures should be in place to mitigate risks, enforce security policy, deter attackers,
and promote good security hygiene? Consider the following items:
Education and training
Communications
Security operations
Security architecture
Education and training are the most obvious ways to scale a security effort across an
organization. Communications can assist this effort by scheduling regular updates for
line staff and senior management as well as keeping the information flowing between
the rest of the organization and the security group. (Remember that no security exists in
a vacuum.)
Security operations include general security housekeeping, such as security patch
management, malware protection, access control (both physical and logical), network
ingress/egress control, security monitoring and response, and security account/group
management. We will touch on best practices throughout all of these areas in this book.
Finally, and perhaps most importantly, some part of the security organization needs
to adopt a proactive, forward-looking view. The work of a security architect is particularly
relevant to application development, which must follow strict standards and guidelines
to avoid perpetuating the many mistakes that unavoidably occur in the software
development process. In addition, this role can perform regular evaluations of physical,
network, and platform security architecture, benchmarking them against evolving
standards and technologies to ensure that the organization is keeping pace with the most
recent security advancements.