Continuous Monitoring in OS X Systems and Security
Dan Griggs, cmdSecurity
Compromise of the device is inevitable. We lock down devices, we break things for our users, we forbid them certain rights, and yet devices still get broken.
Continuous monitoring is necessary if breakage is inevitable. Monitoring state and state changes is critical. Define what is most sensitive about a system and lock down access to those components. Secure the rest of the system only moderately, for a better user experience.
Watch for the vulnerability's end result, not the vulnerability.