Information Technology Reference
In-Depth Information
Figure 8.2
exogenous and endogenous defense-in-depth: core and key
perspectie.
n
−
−
−
−
−
−
−
−
Respond
Notify
Triage
Escalate
Isolate
Treat/fix
Restore
Root cause analysis (RCA)
Organizational feedback
Figure 8.2 presents core and key aspects of the organization in context of exog-
enous and endogenous defense-in-depth. Endogenous defense-in-depth priorities
are core and key; however, a purely endogenous view is limited. The exogenous
perspective looks at the threat space external to the organization and considers
defense-in-depth from the perspective of preemption.
8.3.2
Exogenous View of Defense-in-Depth
When dealing with environments outside the organization, the IA architect exam-
ines organizational scope of control. The organization may indeed control the exter-
nal environment, for instance, when considering IA services for a wholly owned
subsidiary. When dealing with partners, vendors, and customers, the organization
will likely not exert much control, but it may exert influence; it is unable to con-
trol or influence the outside environment, but it may control its own response to
external events. For example, the organization may depend on a utility company to
provide electricity.
