A look back at the OSI model and defense-in-depth security measures
How many of us still remember the 7 layers of the OSI model? Frankly, I could only recollect from Layer 7 downwards to Layer 4, and then I had to use the internet to see it again. This is also because I have been pampered by working on the application side for too long.
Looking back at the OSI model, here are the 7 layers. I am mapping these to their important protocols, the possible threats, and the security measures that can be applied to mitigate or control those threats.
Implementing security at each and every OSI layer will never guarantee protection against all cyberattacks. But the more layers that are protected, the more hardened your application and system are against any unintentional mishaps. Security is a continuous effort, and it needs to be approached with discipline and knowledge to close any newly opened holes.
While it is rather hard to put a cost on implementing security measures, it should be done with a business mindset. This implies that mission-critical applications and data need to be better protected, because these can put an enterprise out of business; this risk should be addressed.
I hope this blog makes it clear why security is very important and definitely needed for a business to stay alive. Next time the Product Owner puts a low priority on a security measure user story, you could showcase the importance of implementing the security measure by explaining the OSI model and the threats. Another beautiful way is to do threat modelling, which I will cover in my next blog.