Henry Ford and Incident Response

Discussion in 'Network World' started by RSS, Feb 12, 2016.

  1. RSS

    In the early 1900s, Henry Ford was intent on making the Model T an affordable car for the masses. To do so he had to figure out a way to vastly improve the company’s manufacturing efficiency in order to lower consumer prices. Ford solved this problem by adopting a modern manufacturing assembly line based upon four principles: interchangeable parts, continuous flow, division of labor, and reducing wasted efforts.

    While incident response is a bit different from automobile manufacturing, I believe that CISOs should assess their IR processes and take Ford’s 4 principles to heart. Here’s how I translate each one for IR purposes:

    1. Interchangeable parts. In Ford’s world, interchangeable parts meant that components like steering wheels and bumpers could be used to assemble all types of cars and thus keep the line moving. In IR, interchangeable parts means that all detection tools should be based on published APIs so that each one can interoperate with all others. It also means embracing standards like STIX and TAXII for threat intelligence exchange so data can be easily consumed or shared. Finally, interchangeable IR parts calls for the creation and adoption of cybersecurity middleware that acts as a higher-level abstraction layer for policy management/enforcement. I blogged about this concept after seeing an interesting presentation by Swisscom at Splunk .conf15. In effect, this middleware layer could make all underlying security enforcement points interchangeable and systematic.
