This section describes the core underlying principles of CPNI’s protective security methodology. This methodology defines a holistic approach to the protection of your most important or sensitive assets – as protective security measures can only be truly effective if the physical, personnel and cyber elements are considered complementary to each other during the formulation of a protective security solution.
In order to achieve success, an adversary will attempt to identify and then exploit any perceived weakness within your protective security measures. Having an effective, proportionate security solution will mitigate the ease with which an adversary can formulate then carry out an attack plan.
Understanding this methodology will equip you with the knowledge to look critically at existing and proposed security measures, ensuring your protective security measures are fit for purpose and commensurate with the threats you face.
CPNI’s principles of Deter, Detect and Delay, Mitigate and Respond, supported by a security plan, will help to frustrate and disrupt an adversary’s attack timeline (from planning through to execution of an attack):
- Deter: stop or displace the attack
- Detect: verify an attack, initiate the response
- Delay: prevent the attack from reaching the asset (including measures to minimise the consequences of an attack)
- Mitigate: minimise the consequences of an attack against your site
- Respond: actions to prevent the goal of the attack being completed
The following sections provide links to detailed information on protective security measures and technologies which can be utilised to achieve these protective security principles.