A picture is worth 1,000 words (especially if it has a lot of words on it). See Infographic below...
All too often, organizations forget that cybersecurity is not a technology, it is a strategy. Throughout the industry we see reliance placed on technical solutions without much thought given to fundamentals and risk-based...
From a regulatory perspective, many industries have been living in the land of milk and honey, as cyber programs have largely been guided by voluntary measures. However, regulators' patience has grown thin with the public...
Let’s talk about the “New Cybersecurity Triad.” We’re all pretty familiar with the venerable C-I-A Triad whereby secure data exhibits the characteristics of Confidentiality, Integrity, and Availability. But today’s...
Cybersecurity programs must be tested on a routine basis. It takes significant time and effort to develop a cybersecurity program. The efficacy of a program is only theoretical until thorough testing is conducted. One of...
The CyberSecurity Framework (CSF) was created to solve a pernicious problem – repeated, damaging cyberattacks against US critical infrastructure sectors. The danger was such that President Barack Obama directed a federal...
The reality of finite resources means cybersecurity programs that attempt to ‘boil the ocean’ – protect everything at once – are destined to fail. Risk-based cybersecurity programs are the solution. With such an approach,...
Risk management is the process of minimizing or mitigating risk. It begins with identification and evaluation of the various types of risk that an organization faces, determining the probability that these risks will occur,...
All organizations are at different stages of cybersecurity risk management program development. These stages range from one end of the spectrum, where cybersecurity is not a consideration at all, to the opposite end where the...