Principles of Patrolling Applying Ranger School Lessons to Information Security
description
Transcript of Principles of Patrolling Applying Ranger School Lessons to Information Security
Principles of PatrollingApplying Ranger School Lessons to Information Security
Patrick Tatro
Table of Contents
• Introduction• Overview of Ranger School• Army Doctrine and Frameworks• The Five Principles of Patrolling• Applying the Principles to Information Security• Conclusion
Principles of Patrolling
Introduction
Principles of Patrolling
Everyone off and Follow Me!
Introduction• Graduated from Ranger
School in December 2004.• Best Leadership training I’ve
experienced.• The lessons I learned in
Ranger School contributed to my success as a platoon leader in Iraq and as an Information Security Professional.
Principles of Patrolling
Overview of Ranger School
• One of the Army’s most difficult schools.• Approximately 62 days long• Training the Army’s leaders by simulating
battlefield fatigue through physical exhaustion and lack of food and sleep.
• Benning Phase• Mountain Phase• Florida Phase
Principles of Patrolling
Army Doctrine and Frameworks• Field Manuals dictate tactics and
maneuvers for situations leaders may face.
• Army doctrine identifies organizational structure, procedures, and standards.
• Similar to: – Frameworks such COBIT, ISO, and
NIST.– Regulatory standards such as HIPAA
and PCI.
Principles of Patrolling
The Gap Between Doctrine and Reality
• Things never go as planned and leaders need to be able to adapt to the situation.
• Situations we face don’t fall neatly into a category or under a standard.
• Doctrine and frameworks provide a foundation but lack in providing decision making factors.
Principles of Patrolling
The Five Principles of Patrolling
• Ranger School teaches the five principles of patrolling.
– Planning– Reconnaissance – Security – Control – Common Sense
Principles of Patrolling
The Five Principles of Patrolling• Principles provide leaders with:
– Basic criteria for evaluating different courses of action.
– The ability to adapt tactics to the situation.
– Guidance in addressing “grey areas.”
• Similar to:– Confidentiality– Integrity– Availability
Principles of Patrolling
Planning• Ranger Hand Book
“Quickly make a simple plan and effectively communicate it to the lowest level. A great plan that takes forever to complete and is poorly disseminated isn’t a great plan. Plan and prepare to a realistic standard, and rehearse everything.”
• Information Security:– Checklist in place of a plan.– Plans reside at the framework level and do not
get communicated to everyone at the different levels.
– Decisions are at individuals discretion and don’t account for future events or developments.
– Plans are not rehearsed, reviewed, or tested.
Principles of Patrolling
Reconnaissance• Ranger Hand Book
“Your responsibility as a Ranger leader is to confirm what you think you know, and to find out what you don’t.”
• Information Security:– Threats and technology are constantly
changing.– Decisions are only as good as the
intelligence they are based on.– Confidence crosses into arrogance leaving
organizations vulnerable.– It is difficult to maintain accurate depiction
of internal network and situation.
Principles of Patrolling
Security• Ranger Hand Book
“Preserve your force as a whole, and your recon assets in particular. Every Ranger and rifle counts; anyone could be the difference between victory and defeat.”
• Information Security:– Tunnel vision on edge appliances and
systems.– All controls play a role and serve a purpose
in the event of a breach.– Your security posture is constantly
changing and requires vigilance. – Difficult to impart a security mentality
outside of Information Security team.
Principles of Patrolling
Control• Ranger Hand Book
“Clear concept of the operation and commander’s intent, coupled with disciplined communications, to bring every man and weapon you have available to overwhelm your enemy at the decisive point.”
• Information Security:– What is most important to the
organization?– What is the end state or mission?– The ability to communicate during tense
situations is often underestimated.– Lack of planning, procedures, and clearly
defined roles make it difficult to ensure controls are implemented in overlapping layers of defense.
Principles of Patrolling
Common Sense• Ranger Hand Book
“Do what you’re supposed to do, without someone having to tell you, despite your own personal discomfort or fear.”
• Information Security:– Availability and lack of time make securing
the little things difficult. Leaders need to be supportive in providing staff the opportunity to do the right thing.
– Leaders need to make tough on the spot corrections. Taking care of subordinates sometimes means making them do what they don’t want to do.
– IT staff don’t address network weaknesses that reflect their lack of knowledge.
Principles of Patrolling
Applying the Principles to Information Security
• As technical professionals, we want black and white answers. Leaders exist because reality isn’t black and white.
• The principles of patrolling are a technique. – Augment them or incorporate the CIA triad.– Identify your own principles to reflect yourself or
organization.• Use your principles to constantly evaluate situations,
recommendations, and decisions.– Does this vendor relationship violate common sense?– Does this employee request fall outside of your
framework? – Does it violate one of your principles and what can you
change to meet the request and maintain your principles?
Principles of Patrolling
Conclusion
Every leader, staff, and organization is different. Frameworks provide the foundation to build your Information Security Program upon. Leaders need to augment their experience and knowledge with principles that enable them to plan, lead, and make decisions under pressure.
Principles of Patrolling
Questions
Principles of Patrolling
Rangers Lead The Way
Principles of Patrolling