
Protecting People Through Secure Systems for Safer Lives.

Cybersecurity Protects People, Even When You Cannot See It.

The Defensible 10 Standards exist to raise the quality of cybersecurity that supports everyday life. We do not sell cybersecurity products or operate security tools. We publish engineering-grade standards.

Why proof matters

Most people never see cybersecurity until something breaks. Ransomware can disrupt a hospital. A breach can expose student records. A service outage can delay travel and interrupt payments. These events do not happen because teams did not care. They happen when security work becomes inconsistent, unmeasured, or impossible to defend under pressure.

Invisible Until It Breaks

241 days
Mean time to identify and contain a data breach globally. (IBM and Ponemon, 2025)

What Defensible 10 Standards are

The Defensible 10 Standards provide a technical foundation for cybersecurity architecture and engineering. They define what competent security work should look like across the major domains that modern organizations rely on, including networks, cloud, applications, data, identity, monitoring, and incident response.

A standard is not a product. It is a shared blueprint for doing the work consistently, even as technologies change.

A Foundation, Not a Product

About 60%
Involvement of the human element in breaches across Verizon’s 2025 dataset.

Source: (Verizon DBIR, 2025)

WATER FACILITIES

Cybersecurity You Cannot See, Proof You Can Expect

This is a public awareness message about why cybersecurity proof matters for water reliability and public trust.

 

Defensible 10 Standards and the Defensible Loop help organizations turn cybersecurity intent into verified outcomes through evidence, traceability, and validation.
Define. Design. Deploy. Detect. Defend. Demonstrate.

The Defensible Loop turns standards into disciplined practice

A standard on paper does not protect anyone by itself. The Defensible Loop is the method organizations use to apply standards with discipline and to demonstrate results.

From Intent to Evidence

94 days
Median time to remediate leaked secrets discovered in a GitHub repository.

Source: (Verizon DBIR, 2025)

How does this help you?

When organizations adopt engineering-grade standards and follow a disciplined loop, the public benefits in practical ways:

  • Fewer disruptions to critical services that families rely on

  • Stronger protection of sensitive personal data

  • Faster detection of abnormal activity before it becomes a public incident

  • More accountable cybersecurity leadership, supported by measurable results

  • Clearer expectations for vendors and service providers who support public-facing systems

 

This is not a guarantee that incidents will never happen. It is a higher standard of preparedness, discipline, and evidence when incidents occur.

Safer Lives Through Disciplined Design

279 days
Healthcare breaches took the longest to identify and contain, longer than the global average. Source: (IBM and Ponemon, 2025)

BANKING SYSTEMS

Cybersecurity You Cannot See, Proof You Can Expect

This is a public awareness message about why cybersecurity proof matters for banking, payments, and public confidence.


Questions you can ask

If you want to evaluate whether an organization takes cybersecurity seriously, here are questions that signal maturity:

  • How do you verify your cybersecurity controls, not just document them?

  • How do you measure and track progress over time?

  • How do you validate resilience against ransomware and service disruption?

  • How do you demonstrate accountability to leadership and oversight?

  • How do you ensure security is built into the design, not added after deployment?

 

Organizations that can answer clearly are usually doing more than checking boxes.

Accountability You Can Trust

67%
Share of U.S. adults who say they understand little to nothing about what companies are doing with their personal data.

Source: (Pew Research Center, 2023)

Engineering-grade cybersecurity is a public safety expectation

Society depends on digital systems that must remain trustworthy under stress. The Defensible 10 Standards and the Defensible Loop exist to strengthen that trust through disciplined practice and proof.


Practitioner and Organizational Use

The Defensible 10 Standards (D10S) are published under a Creative Commons Attribution–NonCommercial 4.0 International License (CC BY-NC 4.0).


This license permits free use, adaptation, and internal implementation of the D10S by individual practitioners, educational institutions, and organizations for the purpose of research, training, architecture design, or internal security engineering.


Attribution to ISAUnited.org must be maintained in all uses, reproductions, or derivative works.

Commercial, Vendor, and Integration Use

The use, reproduction, or incorporation of the Defensible 10 Standards (D10S) or their content within commercial products, software, tooling, managed services, or for-profit offerings requires a separate commercial integration or redistribution license issued by the Institute of Security Architecture United (ISAUnited.org).


This includes but is not limited to:

  • Integration into commercial or subscription-based platforms or software tools

  • Use in vendor-branded frameworks or automated compliance products

  • Redistribution of modified or adapted versions for resale or commercial benefit

 

Requests for commercial licensing or integration agreements should be directed to: info@isaunited.org

© 2026 The Defensible 10 Standards (D10S). Owned, operated, and maintained by the Institute of Security Architecture United (ISAUnited.org).
