Defining Cyber Defense
In today’s Internet-driven and data-dependent society, there is an abundance of information assurance expertise; however, there are very few companies who possess experience and expertise in true cyber defense and even fewer who have a clear vision for cyber agility.  Most information assurance programs primarily focus on information security from an infrastructure or computing resource configuration perspective, leveraging industry best practices and guidelines dictated by the National Institute of Science and Technology (NIST) or Department of Defense (DoD). 
Conversely, cyber defense extends beyond the traditional realm of information assurance, incorporating the best practices, and adding several additional key attributes, such as quantifying the attack surface’s surface area, enumerating the “threatscape”, shoring up key deficiencies within the enterprise security architecture to ensure proper nesting of controls, and integrating reporting capabilities across enterprise information resources.  Our security analysts take a non-traditional, quantitative approach to measuring control effectiveness, statistically assessing risks to the info-structure, and integrating the capabilities to properly defend information resources commensurate with the information assets value from a mission perspective.