It is no surprise that as our global reach extends and information is shared across the world, security risks are increasing with the expansion of the attack surface. For this reason, security professionals can no longer take a siloed approach to security. The problem stems from reactions to one threat while the rest of the organization is ignored, leaving those areas vulnerable.
What is holistic security?
Holistic security is an approach based on systems thinking that considers “how any security system’s constituent parts interrelate and work within the context of larger systems.” It applies to anything that requires security, including people.
Pinkerton perhaps says it best: “Looking at your company’s security as a whole, with many parts that affect others, means that you can anticipate issues that could arise when one system deteriorates, even if temporarily, and how that will affect the other systems that depend on it.”
For security to be considered holistic, it must meet a few requirements. For example, the security measures must be applied together, across surfaces, which demands that systems and devices be compatible and interoperable.
The method includes the risk wheel, in which organizational security is divided into hazard and event risk, operational and physical risk, technology and informational risk, and market and economical risk.
TechTarget, which emphasizes the human element, says, “All employees should be encouraged to provide feedback and suggestions and identify any security holes they detect. Security policies and procedures must be clearly understood by all personnel and those who will be working with the security system should have input to its implementation.”
Why use a holistic approach to security?
At its core, holistic security aims for continuous protection across all attack surfaces, including the physical layer, software, hardware, and perhaps most importantly, the human attack surface. With this approach, you should seek to see an organization as a complex and interconnected system, whereby your security acts to integrate every aspect.
Holistic security helps provide a closer look at your security program and can even change the way an organization looks at security.
How do I learn enterprise security, incident response, and risk management?
As a natural progression in a security career, practitioners tend to move towards areas such as incident response and risk management, both of which are covered by the CompTIA CASP exam. The CASP focuses on managing risk in the enterprise, conducting vulnerability assessments and analyzing network security concepts and components. Obtaining your CompTIA CASP certification signifies that you possess the ability to provide the best cyber security solutions and protection for organizations worldwide.
In addition, the CompTIA Advanced Security Practitioner meets the ISO 17024 standard and is approved by the U.S. Department of Defense to fulfill Directive 8570.01-M requirements. It is compliant with government regulations under the Federal Information Security Management Act (FISMA).
Olivia Lynch (@Cybrary_Olivia) is the Marketing Manager at Cybrary. Like many of you, she is just getting her toes wet in the infosec field and is working to make cyber security news more interesting. A firm believer that the pen is mightier than the sword, Olivia considers corny puns and an honest voice essential to any worthwhile blog.