Archive for the ‘Resilience’ Category

Security Operations and the OODA Loop

I’ve mentioned Boyd’s OODA loop in a previous post but I thought it would make sense to share how I view the OODA loop driving the development of security operations. This is in contrast to the common derivation of the Deming cycle, that is often used in security programmes: Plan, Do, Check, Act (PDCA) .

Security Operations Centres (SOC) provide an increased ability to defend our businesses and their community from determined adversaries in cyberspace. A key framing view of a SOC is to consider the relationship between the SOC and the adversaries targeting the business as a combative relationship; as such an approach typified by Robert Boyd’s OODA loop is a useful tool for thinking comprehensively about how to plan our interaction with adversaries in the cyber domain.

(more…)

Resilience is the new cyber security

This was a short introductory presentation I gave at the Investment Week Fund Management Summit in October 2015. This was a 30 minute presentation to a non-specialist and in some cases non-IT audience and as such it is higher-level and much of the material was discussed verbally rather than on the slides. That said it was well-received and I think helped some of the audience understand some of the issues around ‘cyber’.

Cyber Resilience: Managing Cyber Shocks

These are the slides supporting a presentation on the need for and the concepts behind Cyber Resilience and how it differs from Cyber Resistance. I talked about these concepts previously in the ICI Global Cyber Security Forum keynote I delivered and my notes from that speech are available here.

ICI Global Cybersecurity Forum 2015 Keynote: Cyber Resilience

Yesterday I was lucky enough to be given the opportunity to deliver the keynote for the ICI Global Cybersecurity Forum in London. It was a great event with some seriously considered debates, some well run panels and lot of practitioners I hadn’t met before. I’ve decided to publish my speaking notes here, I rambled all across these notes and embellished in many places but these reflect the main body of my speech. I was especially pleased with the level of engagement after I spoke, mostly to prove I wasn’t as bad as I feared, but also it showed I had touched a nerve with many on the room.

I include my speaking notes below, these borrow heavily from a draft whitepaper I have been writing and sharing with clients and other stakeholders for their comments.

  (more…)

Twitter RSS