Grade of Protection #3
The commodities (toys) are encapsulated in the vending machine (plastic containers). All containers share the same Point of Sales (PoS)

Policy #8
We face many "policies" (directives) every day, whether in the real world or in cyberspace. And we are told

DeMilitarized Zone (DMZ)
DMZ has become the de facto standard for network segmentation. It is used to control network traffic across trusted and untrusted

Reinforcement
Sometimes, security protection needs reinforcement to avoid deterioration of effectiveness over time. This can easily be visualized in the real world.

Enforcement
Having a policy as a written document isn't enough. If there is a violation, it must be enforced through a correctional approach. In

Assumption #3
When we develop a written directive, there is a chance that certain elements are assumed and left implicit. It is essential

Taxonomy #2
I have seen a cybersecurity directive whose applicability is to protect OT (Operational Technology) systems so as to minimize cyber attacks

Landscape
Some cybersecurity practitioners only drill down to the level of detail of a network diagram or even a wiring diagram to identify

Taxonomy
In policy development, it is essential that the coverage of the rule is sufficient and precise to avoid ambiguity. A living

Suspicious
It is common to see such a directive in subways, airports, key facilities, incident response playbooks, etc. The problem is different

Blind Spot
When designing controls, we must understand what to protect. There might be a blind spot where the intended controls are ineffective

Policy #7
The illustrated directive is unclear. A drone, also known as an unmanned aerial vehicle, has different form factors. If the sign comes