Breached. Compromised. Infiltrated. Exposed. These are four words no CISO wants to
see in their inbox. Looked at another way, however, they can be immensely valuable.
How, you ask? By accepting these four words as the status quo and by assuming at all
times that you have been breached (whether or not that is actually the case), decision
making becomes much simpler. Any decision made from the standpoint that the attacker
is already inside your environment is straightforward, easily justified, simple to communicate
and encourages a more secure posture; thus, using this concept as a decision-making
tool can help companies get ahead of the game. To begin with, the reasoning
behind technical security decisions can be rather opaque to non-security staff and
is often put into the “because security said we have to” bucket. This in turn fosters the
kind of negative sentiment often attributed to information security policies. But the concept
of Assume Breach makes it very easy for both technical and non-technical staff to
understand the “why” behind security leadership decisions and is an approach they can
apply in their everyday work.
FALL 2019 | THE DOPPLER | 33