Archive for the ‘Resilience’ Category

Cyber Resilience: Part One Introduction

This blog series is a re-tooling of a white paper I drafted in May 2015 while working at Stroz Friedberg. I want to thank Stroz Friedberg for the support and time to develop these ideas and specifically want to thank Bill Trent and Simon Viney from Stroz Friedbergs London office for their assistance and review. I also recieved valuable feedback from David Porter at Resilient Thinking and Dave Whitley at BAE Systems.

Introduction

The prevalence of digitally-enabled businesses, Internet-dependent customers and Internet-connected supply chains creates near unlimited opportunities and points of entry for cyberattacks, and significantly increases the potential for cybercrime to damage a company’s ability to maintain operations. This has created an environment in which cyberattacks by criminals, hacktivists and state-sponsored actors are more frequent and more damaging than ever.

(more…)

Security Operations and the OODA Loop

I’ve mentioned Boyd’s OODA loop in a previous post but I thought it would make sense to share how I view the OODA loop driving the development of security operations. This is in contrast to the common derivation of the Deming cycle, that is often used in security programmes: Plan, Do, Check, Act (PDCA) .

Security Operations Centres (SOC) provide an increased ability to defend our businesses and their community from determined adversaries in cyberspace. A key framing view of a SOC is to consider the relationship between the SOC and the adversaries targeting the business as a combative relationship; as such an approach typified by Robert Boyd’s OODA loop is a useful tool for thinking comprehensively about how to plan our interaction with adversaries in the cyber domain.

(more…)

Resilience is the new cyber security

This was a short introductory presentation I gave at the Investment Week Fund Management Summit in October 2015. This was a 30 minute presentation to a non-specialist and in some cases non-IT audience and as such it is higher-level and much of the material was discussed verbally rather than on the slides. That said it was well-received and I think helped some of the audience understand some of the issues around ‘cyber’.

Cyber Resilience: Managing Cyber Shocks

These are the slides supporting a presentation on the need for and the concepts behind Cyber Resilience and how it differs from Cyber Resistance. I talked about these concepts previously in the ICI Global Cyber Security Forum keynote I delivered and my notes from that speech are available here.

ICI Global Cybersecurity Forum 2015 Keynote: Cyber Resilience

Yesterday I was lucky enough to be given the opportunity to deliver the keynote for the ICI Global Cybersecurity Forum in London. It was a great event with some seriously considered debates, some well run panels and lot of practitioners I hadn’t met before. I’ve decided to publish my speaking notes here, I rambled all across these notes and embellished in many places but these reflect the main body of my speech. I was especially pleased with the level of engagement after I spoke, mostly to prove I wasn’t as bad as I feared, but also it showed I had touched a nerve with many on the room.

I include my speaking notes below, these borrow heavily from a draft whitepaper I have been writing and sharing with clients and other stakeholders for their comments.

  (more…)

Twitter RSS