Using Permaculture to Cultivate a Sustainable Security Program
-
Upload
distil-networks -
Category
Technology
-
view
172 -
download
0
Transcript of Using Permaculture to Cultivate a Sustainable Security Program
![Page 1: Using Permaculture to Cultivate a Sustainable Security Program](https://reader035.fdocuments.in/reader035/viewer/2022062523/587ed2781a28abdb198b55a7/html5/thumbnails/1.jpg)
Using Permaculture to Cultivatea Sustainable Security Program
![Page 2: Using Permaculture to Cultivate a Sustainable Security Program](https://reader035.fdocuments.in/reader035/viewer/2022062523/587ed2781a28abdb198b55a7/html5/thumbnails/2.jpg)
Speaker
Chris NelsonDirector of Security for Distil NetworksVice President of Denver chapter of the ISSA Experienced in building security programs and controls across different verticals and maturity levels
![Page 3: Using Permaculture to Cultivate a Sustainable Security Program](https://reader035.fdocuments.in/reader035/viewer/2022062523/587ed2781a28abdb198b55a7/html5/thumbnails/3.jpg)
The Basics of Permaculture12 Design PrinciplesThe ZonesDesign ApproachesPermaculture PrinciplesPutting it all together
Agenda
![Page 4: Using Permaculture to Cultivate a Sustainable Security Program](https://reader035.fdocuments.in/reader035/viewer/2022062523/587ed2781a28abdb198b55a7/html5/thumbnails/4.jpg)
Why is this webinar About Nature?
Much of of this talk uses examples from nature
The goal is to apply these principles and design approaches to your environment
![Page 5: Using Permaculture to Cultivate a Sustainable Security Program](https://reader035.fdocuments.in/reader035/viewer/2022062523/587ed2781a28abdb198b55a7/html5/thumbnails/5.jpg)
The Basics of Permaculture
![Page 6: Using Permaculture to Cultivate a Sustainable Security Program](https://reader035.fdocuments.in/reader035/viewer/2022062523/587ed2781a28abdb198b55a7/html5/thumbnails/6.jpg)
What is Permaculture?
Permaculture (permanent agriculture) is the conscious design and maintenance of agriculturally productive ecosystems which have the diversity, stability, and resilience of natural ecosystems.
![Page 7: Using Permaculture to Cultivate a Sustainable Security Program](https://reader035.fdocuments.in/reader035/viewer/2022062523/587ed2781a28abdb198b55a7/html5/thumbnails/7.jpg)
The Prime Directive
The only ethical decision is to take responsibility for our own existence and that of our children
○ Life is cooperative rather than competitive
○ Life forms of very different qualities may interact beneficially with one another and with their physical environment
○ Cooperation, not competition, is the very basis of existing life systems and of future survival
![Page 8: Using Permaculture to Cultivate a Sustainable Security Program](https://reader035.fdocuments.in/reader035/viewer/2022062523/587ed2781a28abdb198b55a7/html5/thumbnails/8.jpg)
The 3 basic ethicsCare of the Earth (The System)Care of PeopleReinvest the Surplus
The Basic Ethics of Permaculture
The System
The People
Reinvest the
SurplusImage Source: www.lushusa.com
![Page 9: Using Permaculture to Cultivate a Sustainable Security Program](https://reader035.fdocuments.in/reader035/viewer/2022062523/587ed2781a28abdb198b55a7/html5/thumbnails/9.jpg)
The 12 Design Principles of Permaculture
Image Source: http://www.soilandsoul.org.uk
![Page 10: Using Permaculture to Cultivate a Sustainable Security Program](https://reader035.fdocuments.in/reader035/viewer/2022062523/587ed2781a28abdb198b55a7/html5/thumbnails/10.jpg)
Design starts with Observation
Design Principle IT Security Takeaway
Observe & Interact By taking time to engage with our systems and teams we can design solutions that suit our particular situation
Integrate rather than segregate
By putting the right things in the right place, relationships develop between those things and they work together to support each other
![Page 11: Using Permaculture to Cultivate a Sustainable Security Program](https://reader035.fdocuments.in/reader035/viewer/2022062523/587ed2781a28abdb198b55a7/html5/thumbnails/11.jpg)
Moving from Observation to Design
Design Principle IT Security Takeaway
Design from patterns to detailsWe can observe patterns in nature, society and our systems and teams. These can form the backbone of our designs, with the details filled in as we go.
Use slow and small solutions Small and slow systems are easier to maintain than big ones, making better use of local resources and producing more sustainable outcomes. This also allows us to fail faster and with less financial impact to the business.
Use edges and value the marginal
The interface between things is where the most interesting events take place. These are often the most valuable, diverse and productive elements in the system.
![Page 12: Using Permaculture to Cultivate a Sustainable Security Program](https://reader035.fdocuments.in/reader035/viewer/2022062523/587ed2781a28abdb198b55a7/html5/thumbnails/12.jpg)
Optimize the use of your Resources
Design Principle IT Security Takeaway
Use and value renewable resources and services
Make the best use of abundance, reduce consumptive behavior and dependence on non-renewable resources
Produce No Waste By valuing and making use of all the resources that are available to us, nothing goes to waste
Catch and Store Energy Developing systems that collect resources at peak abundance, we can use them in times of need
![Page 13: Using Permaculture to Cultivate a Sustainable Security Program](https://reader035.fdocuments.in/reader035/viewer/2022062523/587ed2781a28abdb198b55a7/html5/thumbnails/13.jpg)
All Things can be Turned into Positive Resources
Design Principle IT Security Takeaway
Use and Value Diversity Diversity reduces vulnerability to a variety of threats and takes advantage of the unique nature of the environment in which it resides
Apply Self-Regulation and Accept Feedback
Discourage inappropriate activity to ensure that systems can continue to function well
Creatively use and respond to change
We can have a positive impact on inevitable change by carefully observing, and then intervening at the right time
Obtain a Yield Ensure that you are getting truly useful rewards for your work
![Page 14: Using Permaculture to Cultivate a Sustainable Security Program](https://reader035.fdocuments.in/reader035/viewer/2022062523/587ed2781a28abdb198b55a7/html5/thumbnails/14.jpg)
The Zones of Permaculture
![Page 15: Using Permaculture to Cultivate a Sustainable Security Program](https://reader035.fdocuments.in/reader035/viewer/2022062523/587ed2781a28abdb198b55a7/html5/thumbnails/15.jpg)
What are the Zones and How are They Used?
Zones are used to organize design elements on the basis of the frequency of use or needs.
Zones are numbered 0 to 5
Frequently manipulated or harvested areas of a design have lower numbers
Develop the nearest area first, get it under control, and then expand the perimeter
012345
![Page 16: Using Permaculture to Cultivate a Sustainable Security Program](https://reader035.fdocuments.in/reader035/viewer/2022062523/587ed2781a28abdb198b55a7/html5/thumbnails/16.jpg)
What are the Zones and How are They Used?
012345
Zone Description
0 The house or center from which we work.
1 Includes elements in the system that require frequent attention, or that need to be visited often.
2 Includes artifacts that require less frequent maintenance
3 Main artifacts are grown here. After establishment, the maintenance required is fairly minimal.
4 A semi-wild area
5A wilderness area. There is no human intervention in zone 5 apart from observation of natural ecosystems and cycles.
![Page 17: Using Permaculture to Cultivate a Sustainable Security Program](https://reader035.fdocuments.in/reader035/viewer/2022062523/587ed2781a28abdb198b55a7/html5/thumbnails/17.jpg)
Aligning Security Processes and Controls to Zones
Align your controls based on:○ The number of times you need to visit the control; and○ The number of times the control needs you to visit it
For example:
Item Frequency Zone
IDS Alerts 25 to 50 per day 1
Malware Alerts 10 per week 2
VPN Logs 1 per day 3
Static Code Analysis 1 deploy per day 3
![Page 18: Using Permaculture to Cultivate a Sustainable Security Program](https://reader035.fdocuments.in/reader035/viewer/2022062523/587ed2781a28abdb198b55a7/html5/thumbnails/18.jpg)
Applying the Zones to Your System
Place components in relation to other components or functions for more efficiency
Every element must be placed so that it serves at least two or more functions
012345
![Page 19: Using Permaculture to Cultivate a Sustainable Security Program](https://reader035.fdocuments.in/reader035/viewer/2022062523/587ed2781a28abdb198b55a7/html5/thumbnails/19.jpg)
The Concepts Within Permaculture Design
![Page 20: Using Permaculture to Cultivate a Sustainable Security Program](https://reader035.fdocuments.in/reader035/viewer/2022062523/587ed2781a28abdb198b55a7/html5/thumbnails/20.jpg)
The Problem is the Solution
Everything works both ways - how we see things that makes them advantageous or not
Everything is a positive resource - it is up to us to work out how we may use it as such
![Page 21: Using Permaculture to Cultivate a Sustainable Security Program](https://reader035.fdocuments.in/reader035/viewer/2022062523/587ed2781a28abdb198b55a7/html5/thumbnails/21.jpg)
Make the Least Change for the Greatest Possible Effect
For example - When choosing a dam site, select the area where you get the most water for the least amount of earth moved.
![Page 22: Using Permaculture to Cultivate a Sustainable Security Program](https://reader035.fdocuments.in/reader035/viewer/2022062523/587ed2781a28abdb198b55a7/html5/thumbnails/22.jpg)
Seeking Order Yields Energy
Order and harmony produce energy for other
uses
Disorder consumes energy with no useful end
![Page 23: Using Permaculture to Cultivate a Sustainable Security Program](https://reader035.fdocuments.in/reader035/viewer/2022062523/587ed2781a28abdb198b55a7/html5/thumbnails/23.jpg)
Nature is full of Cycles, Learn to Harness them
Cycles are recurring events or phenomena
Every cyclic event increases the opportunity for yield
To increase cycling is to increase yield
Cycles exist In Nature
Cycles exist in IT
![Page 24: Using Permaculture to Cultivate a Sustainable Security Program](https://reader035.fdocuments.in/reader035/viewer/2022062523/587ed2781a28abdb198b55a7/html5/thumbnails/24.jpg)
Diversity of Components
The number of components in a system does not dictate their function or capacity
Diversity does not guarantee stability or yield
The beneficial connections between these components leads to stability
The more numbers and types of tools, people, systems, and software don’t dictate capacity
Positive connections between them, does
![Page 25: Using Permaculture to Cultivate a Sustainable Security Program](https://reader035.fdocuments.in/reader035/viewer/2022062523/587ed2781a28abdb198b55a7/html5/thumbnails/25.jpg)
Permitted and Forced Functions
Key elements in a system may supply many functions
Trying to force too many functions on an element makes it collapse.
People have a wide variety of skills
They like to use them instead of being forced into a single function.
![Page 26: Using Permaculture to Cultivate a Sustainable Security Program](https://reader035.fdocuments.in/reader035/viewer/2022062523/587ed2781a28abdb198b55a7/html5/thumbnails/26.jpg)
Work with nature, rather than against it
We can assist rather than impede natural elements, forces, pressures, processes, agencies and evolutions
“If we throw nature out the window, she comes back in the door with a pitchfork”
-Masanobu Fukuoka
Work to enable people, instead of impeding them
![Page 27: Using Permaculture to Cultivate a Sustainable Security Program](https://reader035.fdocuments.in/reader035/viewer/2022062523/587ed2781a28abdb198b55a7/html5/thumbnails/27.jpg)
Applying Laws and Principles to Design
Life Intervention PrincipleIn chaos lies opportunity to creative order
Law of ReturnWhatever we take, we must return
Our goal as designersTo prevent energy from leaving before the basic needs of the whole system are satisfied, so that growth, reproduction, and maintenance continue in our living components.
![Page 28: Using Permaculture to Cultivate a Sustainable Security Program](https://reader035.fdocuments.in/reader035/viewer/2022062523/587ed2781a28abdb198b55a7/html5/thumbnails/28.jpg)
Proper Placement Principle
If good placement is made, more advantages become obvious
If we start well, other good things naturally follow on as an unplanned results
![Page 29: Using Permaculture to Cultivate a Sustainable Security Program](https://reader035.fdocuments.in/reader035/viewer/2022062523/587ed2781a28abdb198b55a7/html5/thumbnails/29.jpg)
Obtaining Exportable Yields
Gain a footholdStabilize a small areaDevelop a self-reliance
Be flexible in management○ Steer based on trials○ Act on new information○ Continue to observe and adapt
Start with one critical project, get it running well, and then expand to other projects.
Adapt based on new information.
![Page 30: Using Permaculture to Cultivate a Sustainable Security Program](https://reader035.fdocuments.in/reader035/viewer/2022062523/587ed2781a28abdb198b55a7/html5/thumbnails/30.jpg)
Tips for Designing Efficient Programs
Design the program on paper
Start with a nucleus and expand outward
Set priorities based on economic reality
Locate and trade for components
Expand on information and area using controls suited for the site
Break up the job into small, easily achieved, basic stages and complete these one at a time
![Page 31: Using Permaculture to Cultivate a Sustainable Security Program](https://reader035.fdocuments.in/reader035/viewer/2022062523/587ed2781a28abdb198b55a7/html5/thumbnails/31.jpg)
Design Success Relies on People Embracing It
The success of any design comes down to how it is accepted and implemented by the people on the ground
Large, centralized schemes often result in ruins and monuments as opposed to stable, well-maintained ecologies
![Page 32: Using Permaculture to Cultivate a Sustainable Security Program](https://reader035.fdocuments.in/reader035/viewer/2022062523/587ed2781a28abdb198b55a7/html5/thumbnails/32.jpg)
Putting it all together
Every design is an assembly of components.The first priority is to locate and cost those componentsWhere resources are scarce, look closely at the site, thinking of everything as a potential resourcePlanning stage is critical First attend to Zones 0-2Develop very compact systems
![Page 33: Using Permaculture to Cultivate a Sustainable Security Program](https://reader035.fdocuments.in/reader035/viewer/2022062523/587ed2781a28abdb198b55a7/html5/thumbnails/33.jpg)
Additional Resources
http://permies.com
http://permaculturenews.org/
![Page 34: Using Permaculture to Cultivate a Sustainable Security Program](https://reader035.fdocuments.in/reader035/viewer/2022062523/587ed2781a28abdb198b55a7/html5/thumbnails/34.jpg)
The First Easy and Accurate Way to Defend Websites Against Malicious
Bots
About Distil Networks
![Page 35: Using Permaculture to Cultivate a Sustainable Security Program](https://reader035.fdocuments.in/reader035/viewer/2022062523/587ed2781a28abdb198b55a7/html5/thumbnails/35.jpg)
How the Distil Bot Detection Solution Works
As web traffic passes through Distil, the system
1. Fingerprints each incoming connection and compares it to our Known Violators Database
2. If it’s a new fingerprint, validates the browser to determine if it’s a Bot or Not
3. Based on your preferences, automatically tags, challenges, or blocks the bot
![Page 36: Using Permaculture to Cultivate a Sustainable Security Program](https://reader035.fdocuments.in/reader035/viewer/2022062523/587ed2781a28abdb198b55a7/html5/thumbnails/36.jpg)
How Companies Benefit from Distil
Increase insight & control over human, good bot & bad bot
traffic
Block 99.9% of malicious bots without impacting legitimate
users
Slash the high tax bots place on
internal teams & web infrastructure
Protect data from web scrapers, unauthorized aggregators &
hackers
![Page 37: Using Permaculture to Cultivate a Sustainable Security Program](https://reader035.fdocuments.in/reader035/viewer/2022062523/587ed2781a28abdb198b55a7/html5/thumbnails/37.jpg)
www.distilnetworks.com/trial/Free trials available
Two Months of Free Service + Traffic Analysis
![Page 38: Using Permaculture to Cultivate a Sustainable Security Program](https://reader035.fdocuments.in/reader035/viewer/2022062523/587ed2781a28abdb198b55a7/html5/thumbnails/38.jpg)
www.distilnetworks.com
QUESTIONS….COMMENTS?I N F O @ D I S T I L N E T W O R K S . C O M
1.866.423.0606OR CALL US ON
![Page 39: Using Permaculture to Cultivate a Sustainable Security Program](https://reader035.fdocuments.in/reader035/viewer/2022062523/587ed2781a28abdb198b55a7/html5/thumbnails/39.jpg)
Understandings
Everything is of use.
IT is not necessarily needed by people, but it is needed by the life complex of which we are dependent part.
We cannot order complex functions. They must evolve themselves.
We cannot know a fraction of what exists. We will always be a minor part of the total information system.
![Page 40: Using Permaculture to Cultivate a Sustainable Security Program](https://reader035.fdocuments.in/reader035/viewer/2022062523/587ed2781a28abdb198b55a7/html5/thumbnails/40.jpg)
Everything Makes it’s Own Garden
All things have an effect on their environment.
![Page 41: Using Permaculture to Cultivate a Sustainable Security Program](https://reader035.fdocuments.in/reader035/viewer/2022062523/587ed2781a28abdb198b55a7/html5/thumbnails/41.jpg)
Combining Permaculture Principles and Designs
![Page 42: Using Permaculture to Cultivate a Sustainable Security Program](https://reader035.fdocuments.in/reader035/viewer/2022062523/587ed2781a28abdb198b55a7/html5/thumbnails/42.jpg)
The Yield of a System is Theoretically Unlimited
The only limit on the number of uses of a resource possible within a system is in the limit of the information and imagination of the designer.
![Page 43: Using Permaculture to Cultivate a Sustainable Security Program](https://reader035.fdocuments.in/reader035/viewer/2022062523/587ed2781a28abdb198b55a7/html5/thumbnails/43.jpg)
Using Permaculture to Cultivate a Sustainable Security Program
For centuries mankind’s greatest innovations came about through careful examination of natural systems. Information Security is no different. This presentation will explore how information security professionals can use the agricultural concept of “permaculture” (the practice of using design principles observed in natural ecosystems) to cultivate a sustainable, data-driven security program.
In this fast-paced, thought-provoking session you’ll learn:
○ The basic tenets of permaculture and how they apply to information security strategy
○ How to build a security program that fosters collaboration, coupled with feedback loops and metrics
○ How embracing differences within an organization can lead to increases in productivity and security
○ Effective policy and control designs that enhance business objections as opposed to stifling them