Security Operations and the OODA Loop

I’ve mentioned Boyd’s OODA loop in a previous post but I thought it would make sense to share how I view the OODA loop driving the development of security operations. This is in contrast to the common derivation of the Deming cycle, that is often used in security programmes: Plan, Do, Check, Act (PDCA) .

Security Operations Centres (SOC) provide an increased ability to defend our businesses and their community from determined adversaries in cyberspace. A key framing view of a SOC is to consider the relationship between the SOC and the adversaries targeting the business as a combative relationship; as such an approach typified by Robert Boyd’s OODA loop is a useful tool for thinking comprehensively about how to plan our interaction with adversaries in the cyber domain.

Read the rest of this entry »

Measuring Black Boxes, part one

I have been attempting to capture the process or to be more accurate the heuristics of how I analyse security architectures. This was originally driven by the time it took me to document my conclusions and the lack of any particularly well-suited tooling but has increasingly become an attempt to communicate the method to other security architects. I also have a sneaking suspicion that a useful chunk of the process could be automated.

Due to the scale and complexity of many of the systems I have worked with a large part of the process has been to decompose a system and measure and characterise it’s components. This allows me to identify high risk areas of the system to focus my efforts.

Read the rest of this entry »

Board of Cyber

I have a lot of sympathy for UK boards of directors.

UK boards of directors have had cyber pushed onto their agenda by the government, regulators and the Financial Times for several years. Unfortunately many board members are often ill-equipped to fully understand the executive decisions regarding cyber they have now been prompted to review. This is exacerbated by a similar lack of understanding of cyber security among executive management teams and a lack of communication skills and business acumen among CISOs.
Read the rest of this entry »

Resilience is the new cyber security

This was a short introductory presentation I gave at the Investment Week Fund Management Summit in October 2015. This was a 30 minute presentation to a non-specialist and in some cases non-IT audience and as such it is higher-level and much of the material was discussed verbally rather than on the slides. That said it was well-received and I think helped some of the audience understand some of the issues around ‘cyber’.

Cyber Resilience: Managing Cyber Shocks

These are the slides supporting a presentation on the need for and the concepts behind Cyber Resilience and how it differs from Cyber Resistance. I talked about these concepts previously in the ICI Global Cyber Security Forum keynote I delivered and my notes from that speech are available here.

Twitter RSS