WebApp Sec
mailing list archives
Re: [WEB SECURITY] The Möbius Defense, the end of Defense in Depth
From: Pete Herzog <lists () isecom org>
Date: Thu, 09 Jul 2009 14:45:38 +0200
Walt,
One question- if the definition has shifted- why hasn't anyone updated
any of the definitions in all the books, courses, and websites?
It's a failure on our part to change the definition in practice and
still refer to it academically as something else (layered security,
multiple layers, etc.). So maybe it has changed with the times but
whether you go with the military or the common definitions of all the
print and on-line resources, your new definition doesn't fit to the
old. It's time we start letting the others know that the old one no
longer applies. That's one thing we did in the presentation. But
again, that's just one part of the Möbius Defense. There are more
improvements based on current research that we also added.
Sincerely,
-pete.
Pete,
I think what you will find as you take your presentation into the
information security community is that when most of us speak or work
to implement DiD, we are doing what you call the Möbius defense.
You are working with the military definition, but in the business
world the definition of DiD has shifted.
To myself and those colleagues that I've discussed your ideas and
presentations with, DiD=Möbius.
Thanks!