The Detection in Depth Focus Model

Thursday, December 08, 2011

Brent Huston


Furthering the discussion on how detection in depth works, here is an example that folks have been asking me to demonstrate.

This is a diagram that shows an asset, in this case PII in a database that is accessed via a PHP web application. The diagram shows the various controls around detection in place to protect the data at the various focus levels for detection.

As explained in the earlier maturity model post, the closer a detection control is to the asset, the higher its signal-to-noise ratio should be and the more relevant its data should be to the asset being protected (Huston’s Postulate).

Hopefully, this diagram helps folks see a working example of how detection in depth can be done and why it is not only important, but increasingly needed if we are going to turn the tide on cyber-crime.

[Figure: Detection in Depth Focus Model]
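One way to check a deployed detection stack against Huston's Postulate, as an added example that is not part of the original post: it computes the fraction of triaged alerts that were real signal for each control and reports any control that sits closer to the asset yet is noisier than one farther away. The focus level names, control names and alert history are constructed assumptions, since the diagram's own labels are not reproduced here, and the signal fraction stands in for signal-to-noise ratio.

```python
from collections import defaultdict

# Assumed focus levels for the PII / PHP application scenario; 0 is closest to the asset.
FOCUS_DISTANCE = {"database": 0, "application": 1, "host": 2, "network": 3}

# Constructed triage history: (control, focus level, analyst verdict).
ALERTS = (
    [("perimeter-ids", "network", "noise")] * 4
    + [("perimeter-ids", "network", "signal")]
    + [("host-fim", "host", "noise"), ("host-fim", "host", "signal")]
    + [("php-app-log", "application", "noise")] * 2
    + [("php-app-log", "application", "signal")]
    + [("db-audit", "database", "signal")] * 2
)


def signal_fraction(alerts):
    """Return {(control, level): share of that control's alerts triaged as signal}."""
    counts = defaultdict(lambda: [0, 0])  # [signal count, total count]
    for control, level, verdict in alerts:
        counts[(control, level)][1] += 1
        if verdict == "signal":
            counts[(control, level)][0] += 1
    return {key: sig / total for key, (sig, total) in counts.items()}


def postulate_violations(alerts):
    """List (nearer control, farther control) pairs where the nearer one is noisier."""
    fractions = signal_fraction(alerts)
    violations = []
    for (near, near_lvl), near_frac in fractions.items():
        for (far, far_lvl), far_frac in fractions.items():
            nearer = FOCUS_DISTANCE[near_lvl] < FOCUS_DISTANCE[far_lvl]
            if nearer and near_frac < far_frac:
                violations.append((near, far))
    return sorted(violations)


if __name__ == "__main__":
    for (control, level), frac in sorted(signal_fraction(ALERTS).items()):
        print(f"{control:14s} {level:12s} signal fraction {frac:.2f}")
    for near, far in postulate_violations(ALERTS):
        print(f"tune {near}: closer to the asset than {far} but noisier")
```

A reported pair marks the nearer control as the candidate for tuning, since a control at that focus level should be producing the more relevant alerts.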

As always, thanks for reading and feel free to engage with ideas in comments or seek me out on Twitter (@lbhuston) and let me know what you think.

Cross-Posted from State of Security