Wednesday, September 18, 2013

Defense in Depth within the Enterprise

A Technical and Solution Architecture perspective on implementing Defense in Depth within the Enterprise and Large Organizations.

I'm preparing a slide deck for my upcoming lightning talk on Defense in Depth within the Enterprise. The theme of the talk is what to expect when introducing a defense in depth approach into existing enterprise environments and how to respond to the issues that will arise from many different stakeholders. My reference points for this talk are from two primary enterprise-level clients and a collection of smaller internet-facing projects. As a solution or technical architect, my perspective is mostly toward protecting personal information and how to design the solution to reduce the opportunity for an information security breach.

http://technet.microsoft.com/en-us/library/cc512681.aspx
The AGENDA:
My talk is limited to 20 minutes so I need to cover a lot of ground fairly quickly. Being succinct is my strategy to completeness.
  1. Description of Defense in Depth
    A brief description of the Defense in Depth security strategy. This is mostly to confirm understanding, set the shared vocabulary, and define the terms.
  2. Defense in Depth within the Enterprise
    Provide a holistic view of Defense in Depth within the enterprise environment, while also providing examples of implemented solution architectures. A technical and solution architect perspective will be used in this review. The talk focuses more on the how-to than on the strategic.
  3. Issues toward implementation
    There is a plethora of issues that can arise when implementing defense in depth in the enterprise environment. These are not only technical and security related, but also operational and administrative, or related to governance and compliance.
  4. Getting to finished
    Given the plethora of issues and their related stakeholders (sometimes tasked with conflicting missions), it is possible to find agreement on the architectural decisions required to deploy a defense in depth approach. During this talk I will discuss approaches to reaching agreement, and provide a few project examples of how we got to finished with resolving different issues.
If you are interested in attending this talk, feel free to join us at our St. John's BSides event on October 18th.