Why the Security Stack Has Ten Layers, Not Seven: The next item to tackle is the overall security architecture – and this includes several things. But let me first state the disclaimer that of course it is imperative that the correct governance and policies are in place and that technology can’t replace those things.
But, it is also clear that however sophisticated, no paper document or process design will block an attack in the meantime until you have both the supporting policies and the enforcing technologies set up.
It is therefore – as a reality check if you want – necessary to take care of the very basic things, to have the long standing “perimeter” (this is the “outer wall” so to speak, the common (logical) border line around your company’s infrastructure and network, the “first line of defense”) in place, and a few other common necessities such as antivirus filters, intrusion prevention, secure browsers and a SIEM (Security Information and Event Management) system as well.
Here is why: No matter what kind of business you have, no matter how sophisticated your processes and products are – your company most certainly will have a network using TCP/IP (TCP/IP: Transmission Control Protocol / Internet Protocol, both together are used ubiquitous in today’s internet infrastructure), it will exchange files with 3rd parties (inside and outside the perimeter), and it most likely will use the security-prone MS Windows products (at least at the user client side).