Zero Trust Commandments

Secure Assets by Risk: Security controls shall be designed to protect business assets appropriate to required security posture, business value, and associated risk.

Validate Trust Explicitly: Security assurance shall rely on explicitly validating trust decisions using all relevant available information and telemetry.


Enable Modern Work: Security discipline shall enable productivity and manage risk as the organizational capabilities, goals, environment, and infrastructure continuously evolve.
Implement Asset-Centric Controls: Asset-specific security controls shall be implemented whenever available to minimize disruption of productivity, increase precision of security/business visibility, and improve data used to drive security compliance metrics.
Enable Sustainable Security: Security controls shall be sustainable across the full lifecycle of the business asset.


Practice Accountability: The entities responsible for accessing and handling assets shall be responsible for their protection and survival throughout their lifetime.
Enable Pervasive Security: Security discipline shall be explicitly included in the culture, norms, and processes throughout the organization.
Utilize Least Privilege: Access to systems and data shall be provided only as required, and access shall be removed when no longer required.
Deploy Simple Security: Security mechanisms shall be as simple as possible while retaining functionality and remaining pervasive, practicable, and scalable.


Make Informed Decisions: Security teams shall make decisions based on the best available information.
Improve and Evolve Security Controls: Security teams shall continuously evolve and improve to remain successful in an environment that constantly changes.
Utilize Defense in Depth: Security mechanisms and controls shall be layered to enhance resilience and preserve integrity.
Enable Resiliency: Security systems shall ensure the organization can operate normally under adverse conditions.


Welcome to a world of rapidly increasing security posture and aligning security to business priorities, where the journey is to guide organizations through an end-to-end security modernization, from strategy and program level through architecture and technical planning, using Zero Trust principles. The only limit is the extent of your imagination. Navigating security's intricate fabric, we provide best practices, references, and other guidance based on real-world lessons learned for:

Strategy and Program (CISO Workshop)
Architectures and Technical Plans
Security Capability Adoption Planning

Cloud Estate Evaluation
Strategic Planning for the advancement of cloud infrastructure.

Verify conformity with the aims and goals of the business.
Create cloud architectures that are safe, scalable, and resilient.

Offer best practices and architectural direction for cloud infrastructure.

Adopt and support best security practices within the cloud environment.

Ensure compliance with security standards and regulations.

We have learned you have to be both aspirational and practical on your journey to modernize security – you need a clear direction to work in and incremental steps to execute each day.