A UNIFIED THEORY FOR SECURITY PRACTITIONERS
In our day-to-day activities, if we are spending resources that are not designed to prevent material impact to our organization, we are wasting them. The three essential tasks that support the first principle are: threat prevention, threat detection, and threat eradication. These comprise the network defender’s trinity; they are atomic and cannot be separated. If you do one and not the others, you will fail the first principle. Additionally, to accomplish the three essential tasks of the network defender’s trinity, you need to establish your own intelligence function to build adversary group dossiers for the potential adversary groups that pose the largest threat in terms of material impact. Once you have developed these dossiers, you need to share them with all the network defenders who have the capability to consume them.