An enterprise data breach and a forest fire have a lot in common. Both can happen suddenly, with little warning, rage out of control quickly and are difficult to contain.
In a fire, take away one of three key elements -- heat, oxygen and fuel -- and the fire dies. Similarly, take away any one of the three factors an attacker needs to carry out a data breach, and the breach becomes impossible. That realization is what the Data Breach Triangle is all about.
In this special video presentation, Securosis CEO Rich Mogull introduces the concept of the Data Breach Triangle and how it encourages enterprises to rethink how they allocate resources toward data breach prevention.
Mogull begins by explaining the increasing importance of responding "faster and better" to security events because it is increasingly difficult, if not impossible, to "build up the big walls" and prevent every adversary from breaching the enterprise perimeter.
Next, Mogull uses the Data Breach Triangle to illustrate why enterprise data breach prevention strategies focus too much spending on defensive exploit prevention, and not enough on data protection and egress prevention. While he admits a data breach is just one type of enterprise risk, it's the one that organizations most often struggle to prevent.
Mogull then makes the case for rebalancing data breach prevention resource allocation toward detection and response, outlines the tactical changes necessary to accomplish that goal, and explains how to put technology and processes in place to facilitate those changes.
About the speaker:
Rich Mogull is founder, CEO and analyst with Securosis LLC, a Phoenix-based information security consultancy. Rich has 20 years of experience in information security, physical security and risk management. He specializes in data security, application security, emerging security technologies and security management. Prior to founding Securosis, Rich was a research vice president at Gartner Inc., and previously worked as an independent consultant, Web application developer, software development manager at the University of Colorado, and systems and network administrator.