This paper describes some patterns for information security problems that consistently emerge
among traditional enterprise networks and applications, both with respect to cyber threats and data
sensitivity. We draw upon cases from qualitative studies and interviews of system developers, network
operators, and certifiers of military applications. Specifically, the problems discussed involve sensitivity of
data aggregates, training efficacy, and security decision support in the human-machine interface. While
proven techniques can address many enterprise security challenges, we provide additional
recommendations on how to further improve overall security posture, and suggest additional research
thrusts to address areas where known gaps remain.