This week, we released the Cisco 2015 Annual Security Report and used it as a platform to introduce the inaugural Cisco Security Manifesto. Our motivation for creating this set of security principles was to underscore to organizations that they must be more dynamic in their approach to security so they can become more adaptive and innovative than adversaries, and better protect users.
Here's a quick overview of the five basic principles of the Cisco Security Manifesto:
For some time now, we at Cisco have been saying that to deal with today's biggest security challenges, organizations need a simpler, scalable, threat-centric approach that addresses security across the entire attack continuum: before, during, and after an attack. The Cisco Security Manifesto is intended to help organizations evolve toward that approach, and gain a broader view of the attack continuum.
While many threats can be avoided, compromise is inevitable. "Real-world security" means having the ability not only to reduce the time to resolution when compromise does happen, but also to keep users, the ultimate assets, protected. And it has never been more important for security teams to focus on improving user protection. As the Cisco 2015 Annual Security Report explains, users are not only targets for today's adversaries, but they are also now "the complicit enablers of attacks."
We suggest that embracing the principles in the Cisco Security Manifesto, or a similar set of guidelines, will better position organizations to help every user, from the chief executive to the newest hire, to understand their place in the "big picture" of security. When users no longer need to engage in risky behavior for the sake of doing their jobs and also understand the potential security consequences of their actions, security teams can better protect them. And better-protected users are far less valuable to adversaries who rely on them to be weak links in the security chain.
As they say, knowledge is power.