Читать книгу You CAN Stop Stupid - Ira Winkler - Страница 58

It is also important to recognize that countermeasures not only apply to protection but apply to detection and reaction as well. When people think of countermeasures, they typically perceive them to provide protection, in other words, stopping a loss from occurring in the first place and keeping the bad guys out. The reality is that countermeasures can provide protection, detection, or reaction. There is no such thing as perfect protection. Because protection will inevitably fail, it is just as critical to invest in detection and reaction capabilities.

Different studies indicate that up to 80% of investment in countermeasures is in protection. This unfortunately results in massive success for perpetrators who are able to get through the initial protection measures. In many cases, it is sometimes more feasible to focus on detection of malicious activity and not put effort into prevention, as it is too costly. For example, if you are trying to secure a public network, any people with malicious intent are already allowed on the network. Likewise, even well-meaning users might violate policies. For that reason, it might be more effective to look for potentially harmful activities and, where appropriate, reduce the users' capabilities.