Chapter 11. Counter Intelligence

The ultimate in disposing one's troops is to be without ascertainable shape. Then the most penetrating spies cannot pry in nor can the wise lay plans against you.

—Sun Tzu, The Art of War

This book has discussed a number of different attacks and the ways they can be deployed against an organization. This chapter wraps things up by covering some of the ways organizations can protect themselves. By now you surely realize that implementing security in all its forms can become a monumental task and that nothing is truly secure. The best you can ever hope for is to mitigate risk as much as possible while maintaining a viable business model. The main risks can be categorized as follows:

  • Exposure of information, usually inadvertently;

  • Social engineering attacks against staff;

  • Computer and network attack;

  • Poor physical security;

  • Physical intelligence gathering.

Not every organization can expect to face all of these risks, at least not equally. It is important for organizations to assess their level of risk because only then can they take steps to limit it. This book started with Sun Tzu, and I thought it appropriate to end it with another erudite quote from the man. It can be a little daunting to realize that protecting a business and its interests from all the threats ranged against it can be like preparing for battle. In a way, though, this is precisely the right way to think about security: understand the enemy and predict his attacks; understand your weaknesses ...

Get Unauthorised Access: Physical Penetration Testing For IT Security Teams now with the O’Reilly learning platform.