실패는 성공의 어머니?

사이버보안이 필수적으로 요구되는 IT기업은 사이버보안 실패를 배움으로 삼을 수 있는 여유가 없다. 이러한 고신뢰 조직인 IT기업에게 필요한 여섯 가지 원칙을 제시하고 있다.

*도덕성, 충분한 지식, 절차 준수, 예비요원 동반 의무, 의문을 제기하는 태도, 정해진 형식에 따른 의사소통

[Abstract]

The vast majority of companies are more exposed to cyberattacks than they have to be. To close the gaps in their security, CEOs can take a cue from the U.S. military. Once a vulnerable IT colossus, it is becoming an adroit operator of well-defended networks. Today the military can detect and remedy

intrusions within hours, if not minutes. From September 2014 to June 2015 alone, it repelled more than 30 million known malicious attacks at the boundaries of its networks. Of the small number that did get through, fewer than 0.1% compromised

systems in any way. Given the sophistication of the military’s cyberadversaries, that record is a significant feat.

[Reference]

“Cybersecurity’s Human Factor: Lessons from the Pentagon”, James A. Winnefeld Jr., Christopher Kirchhoff, and David M. Upton (2015.9, HBR)