Abstraction in Cybersecurity

135. Simplifying cybersecurity policies and code to limit risk and reduce overhead

Teri Radichel
Cloud Security


In the last post, I wrote about privilege escalation in a cloud account (AWS specifically, but it applies to any cloud environment).

Now we want to try to write the policies using the approaches I mentioned in those blog posts. Before we do that, I want to clarify something I wrote about previously, as it applies to writing IAM policies with as few lines of code as possible while still achieving a correct result.

I’ve referenced the term abstraction in multiple blog posts. I talk about abstraction in terms of taking your policies and reducing them down to the things they have in common, then moving those common parts into a higher-level policy.
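To make the idea concrete, here is an added example (not code from the original post) that pulls the statements shared by every IAM policy in a set into one higher-level policy and leaves each policy with only its own statements. The role names, bucket name and sample policies are constructed, and treating two statements as "common" only when they match exactly apart from `Sid` and list ordering is an assumption of this sketch.

```python
import json

def statements(doc):
    # "Statement" may be a single object or a list of objects.
    s = doc["Statement"]
    return [s] if isinstance(s, dict) else list(s)

def canonical(stmt):
    # Comparison key: ignore Sid, treat "x" and ["x"] alike, ignore list order.
    norm = {k: v for k, v in stmt.items() if k != "Sid"}
    for key in ("Action", "NotAction", "Resource", "NotResource"):
        if key in norm:
            v = norm[key]
            norm[key] = sorted([v] if isinstance(v, str) else v)
    return json.dumps(norm, sort_keys=True)

def factor_common(policies):
    """Return (shared_doc, {name: remainder_doc}) for a {name: policy_doc} dict."""
    keyed = {n: {canonical(s): s for s in statements(d)} for n, d in policies.items()}
    common = set.intersection(*(set(k) for k in keyed.values()))
    first = next(iter(keyed.values()))
    # Output documents use the current IAM policy language version.
    shared = {"Version": "2012-10-17",
              "Statement": [s for k, s in first.items() if k in common]}
    rest = {n: {"Version": "2012-10-17",
                "Statement": [s for k, s in ks.items() if k not in common]}
            for n, ks in keyed.items()}
    return shared, rest

# Constructed sample input: two hypothetical roles that repeat the same guardrail.
DENY_NO_MFA = {"Effect": "Deny", "Action": "*", "Resource": "*",
               "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "false"}}}
POLICIES = {
    "app-role": {"Version": "2012-10-17", "Statement": [
        {"Sid": "NoMfa", **DENY_NO_MFA},
        {"Effect": "Allow", "Action": ["s3:GetObject"],
         "Resource": "arn:aws:s3:::example-bucket/*"}]},
    "ops-role": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "ec2:DescribeInstances", "Resource": "*"},
        {"Sid": "RequireMfa", **DENY_NO_MFA, "Action": ["*"]}]},
}

if __name__ == "__main__":
    shared, rest = factor_common(POLICIES)
    print(json.dumps({"shared": shared, "per_role": rest}, indent=2))
```

The split keeps effective permissions unchanged only if the shared policy is attached to every principal that carried one of the original policies.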


CEO 2nd Sight Lab | Penetration Testing & Assessments | AWS Hero | Masters of Infosec & Software Engineering | GSE 240 etc | IANS | SANS Difference Makers Award