Principles of Patrolling Applying Ranger School Lessons to Information Security Patrick Tatro

Principles of Patrolling Table of Contents Introduction Overview of Ranger School Army Doctrine and Frameworks The Five Principles of Patrolling Applying the Principles to Information Security Conclusion Principles of Patrolling

Everyone off and Follow Me! Introduction Everyone off and Follow Me! Principles of Patrolling

Principles of Patrolling Introduction Graduated from Ranger School in December 2004. Best Leadership training I’ve experienced. The lessons I learned in Ranger School contributed to my success as a platoon leader in Iraq and as an Information Security Professional. Principles of Patrolling

Overview of Ranger School One of the Army’s most difficult schools. Approximately 62 days long Training the Army’s leaders by simulating battlefield fatigue through physical exhaustion and lack of food and sleep. Benning Phase Mountain Phase Florida Phase Principles of Patrolling

Army Doctrine and Frameworks Field Manuals dictate tactics and maneuvers for situations leaders may face. Army doctrine identifies organizational structure, procedures, and standards. Similar to: Frameworks such COBIT, ISO, and NIST. Regulatory standards such as HIPAA and PCI. Principles of Patrolling

The Gap Between Doctrine and Reality Things never go as planned and leaders need to be able to adapt to the situation. Situations we face don’t fall neatly into a category or under a standard. Doctrine and frameworks provide a foundation but lack in providing decision making factors. Principles of Patrolling

The Five Principles of Patrolling Ranger School teaches the five principles of patrolling. Planning Reconnaissance Security Control Common Sense Principles of Patrolling

The Five Principles of Patrolling Principles provide leaders with: Basic criteria for evaluating different courses of action. The ability to adapt tactics to the situation. Guidance in addressing “grey areas.” Similar to: Confidentiality Integrity Availability Principles of Patrolling

Principles of Patrolling Planning Ranger Hand Book “Quickly make a simple plan and effectively communicate it to the lowest level. A great plan that takes forever to complete and is poorly disseminated isn’t a great plan. Plan and prepare to a realistic standard, and rehearse everything.” Information Security: Checklist in place of a plan. Plans reside at the framework level and do not get communicated to everyone at the different levels. Decisions are at individuals discretion and don’t account for future events or developments. Plans are not rehearsed, reviewed, or tested. Principles of Patrolling

Principles of Patrolling Reconnaissance Ranger Hand Book “Your responsibility as a Ranger leader is to confirm what you think you know, and to find out what you don’t.” Information Security: Threats and technology are constantly changing. Decisions are only as good as the intelligence they are based on. Confidence crosses into arrogance leaving organizations vulnerable. It is difficult to maintain accurate depiction of internal network and situation. Principles of Patrolling

Principles of Patrolling Security Ranger Hand Book “Preserve your force as a whole, and your recon assets in particular. Every Ranger and rifle counts; anyone could be the difference between victory and defeat.” Information Security: Tunnel vision on edge appliances and systems. All controls play a role and serve a purpose in the event of a breach. Your security posture is constantly changing and requires vigilance. Difficult to impart a security mentality outside of Information Security team. Principles of Patrolling

Principles of Patrolling Control Ranger Hand Book “Clear concept of the operation and commander’s intent, coupled with disciplined communications, to bring every man and weapon you have available to overwhelm your enemy at the decisive point.” Information Security: What is most important to the organization? What is the end state or mission? The ability to communicate during tense situations is often underestimated. Lack of planning, procedures, and clearly defined roles make it difficult to ensure controls are implemented in overlapping layers of defense. Principles of Patrolling

Principles of Patrolling Common Sense Ranger Hand Book “Do what you’re supposed to do, without someone having to tell you, despite your own personal discomfort or fear.” Information Security: Availability and lack of time make securing the little things difficult. Leaders need to be supportive in providing staff the opportunity to do the right thing. Leaders need to make tough on the spot corrections. Taking care of subordinates sometimes means making them do what they don’t want to do. IT staff don’t address network weaknesses that reflect their lack of knowledge. Principles of Patrolling

Applying the Principles to Information Security As technical professionals, we want black and white answers. Leaders exist because reality isn’t black and white. The principles of patrolling are a technique. Augment them or incorporate the CIA triad. Identify your own principles to reflect yourself or organization. Use your principles to constantly evaluate situations, recommendations, and decisions. Does this vendor relationship violate common sense? Does this employee request fall outside of your framework? Does it violate one of your principles and what can you change to meet the request and maintain your principles? Principles of Patrolling

Principles of Patrolling Conclusion Every leader, staff, and organization is different. Frameworks provide the foundation to build your Information Security Program upon. Leaders need to augment their experience and knowledge with principles that enable them to plan, lead, and make decisions under pressure. Principles of Patrolling

Principles of Patrolling Questions Principles of Patrolling

Principles of Patrolling Rangers Lead The Way Principles of Patrolling