103
7Chapter
Tactics: An Introduction
Tactics are procedures or sets of actions used to achieve a speci c objective. In military opera-
tions, tactics de ne a number of maneuvers designed to give the attacking or the defending force
an advantage. For example, a fl anking maneuver is used to confuse and demoralize an enemy
force by attacking its position from multiple directions. Confusion causes people to hesitate, and
hesitation in war can be fatal.  e military objective is to defeat the enemy; fl anking is one means
to accomplish that objective. Frontal assault and Blitzkrieg are two other examples of off ensive
tactics.  ere are also a number of defensive tactics, including camoufl age, reconnaissance, and
the use of specialized weapons such as surface-to-air missiles, to deal with speci c attacks. Each of
these tactics has a parallel in the enterprise security realm.  is portion of the book covers a num-
ber of physical and information security tactics; the focus is primarily on defensive tactics because
off ensive measures have liabilities associated with them that most nongovernment organizations
do not want to deal with. Nonetheless, there are a couple of off ensive measures that certainly have
merit and are worth studying.
Tactical Framework
A target can be attacked in only so many ways. All tactics, off ensive or defensive, are based on
this limitation. In medieval days there were two basic ways to defeat a castle: assault or attrition
(siege). Castles had a number of tactical features designed to give the defenders a decided advan-
tage, including observation towers, high walls, moats, drawbridges, and fortifi ed gates. Assaulting
a castle was a costly proposition, especially in human lives, and there was no guarantee of success,
so many commanders chose siege instead. Castles were designed for that contingency too; they
had water wells and storehouses of food. Unfortunately, if the castle noble couldnt rally anyone
to help break the siege, supplies would eventually run out and the defenders would be forced to
surrender.
Castles provide a good metaphor for today’s IT environments because the attacks used against
IT systems mirror those used against castlesTrojan horses, malicious insiders, spies, imperson-
ation, and so on. What has changed, however, is the con guration of the castle and the alliances of
the king. Medieval castles had two or three possible entries; today’s computer networks have dozens
TAF-K11348-10-0301-C007.indd 103TAF-K11348-10-0301-C007.indd 103 8/18/10 3:08:05 PM8/18/10 3:08:05 PM

Get Security Strategy now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.