The first formula is based on U.S. military basic war tactics and is called the four Ds. They are:
1. Detect – awareness of a threat
2. Deter – preempting exploitation
3. Defend – fighting in real-time
4. Defeat – winning the battle!
The second formula is well known in network security circles and is called the “Risk Formula”:
R = T x V x A
(R)isk = (T)hreats x (V)ulnerabilities x (A)ssets
So, to fully understand your risks, you need to deal with:
Threats = Cybercriminals, malware, malicious insiders
Vulnerabilities = Weaknesses that threats exploit
Assets = People, property, your network, devices, etc.
Now, let’s put these two formulas together—the 4Ds and the Risk Formula—to build a more proactive, next-generation defense:
4Ds x R = [4Ds x T] x [4Ds x V] x [4Ds x A]
Using the 4Ds with the Risk Formula:
- Threats need to be detected, deterred, defended against, and defeated in real-time or expect downtime.
- Vulnerabilities need to be detected, deterred, defended against, and defeated (i.e. removed by system hardening, reconfiguration, patching, etc.) as quickly as possible or expect to be exploited.
- Assets need to be controlled—which ones gain access to your network/infrastructure and those that are trusted but weak or infected need to be quarantined in real-time or expect malware propogation.
You’ll never be 100% secure, but you can dramatically reduce your risk and proactively defend your organization by containing and controlling threats, vulnerabilities, and assets.