Skip to content
  • About
  • Resilience
  • Analytics
  • Architecture
  • Testing
  • Management
  • Risk
  • Other
A black swan

Black Swan Security

A blog about cybersecurity.

Category: Resilience

January 8, 2022April 1, 2022 Phil

What do we protect in Cybersecurity?

Management, Resilience, Risk, Security

A short post comparing an information asset led approach to cybersecurity vs a critical service and customer-led approach.

Read More
March 19, 2018April 1, 2022 Phil

Long tails and poverty lines; cyber risk in the supply chain

Management, Other, Resilience

This week I’ve been attending the third cybersecurity roundtable hosted by the Institute of International Finance (IIF) at their 2018 IIF G20 Conference. The roundtable itself included a good discussion with regulators and firms as well as a summary of the IIF paper on cyber regulatory fragmentation. This paper is…

Read More
February 16, 2018April 1, 2022 Phil

Don’t over think cyber risk

Management, Resilience

I have been overthinking cyber risk. I’ve been trying to build a reliable model that I could rely on to mechanism my risk assessments. I’ll continue to refine my ideas because I enjoy the intellectual challenge. However, I am of the opinion that until we have the cybersecurity equivalent of…

Read More
November 30, 2017April 1, 2022 Phil

A change to the cyber risk landscape

Architecture, Management, Resilience, Security

On June 27th 2017 a cyber-attack called ‘NotPetya’ was launched against a large number of firms. The attack was notable for three reasons; it used a third-party software update mechanism to spread, it was a geopolitically motivated destructive attack that caused extensive damage to uninvolved bystanders it used automated techniques…

Read More
October 9, 2017April 1, 2022 Phil

Do CISOs have a higher calling?

Management, Resilience
Do CISOs have a higher calling?

I believe the security profession is coming close to an inflection point. The growing dependence on technology in our increasingly digital societies, the systemic and personal harm that data breaches can cause and the real world consequences of failures in an IoT-driven physical environment mean that security failures are no…

Read More

Posts navigation

Older posts

Recent Posts

  • What I’ve learnt writing cyber strategies with grand scopes
  • What do we protect in Cybersecurity?
  • Managing Identity Consciously
  • Why I don’t like PIGs in Security Risk
  • Security Folkways and Deliberate Security Culture
  • Homebrew Monte Carlo Simulations for Security Risk Analysis Part 2
  • Open Security Summit 2020
  • What are we missing in risk?
  • Commercial & Government Cyber Conversation
  • Through the barricades..
  • Modern Security Risk Presentation
  • What are Information Assets?
  • Dressing up security with Bow-Ties
  • Asset Management Measurement for Cyber
  • Triage in Supply-Chain Cyber Risk Management
  • Security on the Bottom Line
  • What is Likelihood?
  • What is Information Security Risk?
  • Serious Business?
  • Invest in the CIO, before the CISO

Tag Cloud

44con 27001 analytics architecture assurance big data board boardlevel ciso conference cyber cyber resilience cyber security cynefin data science engagement governance information security infosec leadership management measurement OODA pen testing principles protectivemonitoring regulation resilience resistance risk security security analytics security architecture zones trust securitymanagement security management security management cyber securitymonitoring security risk securitystrategy securitytest security testing strategy supply chain testing third-party

Meta

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org

If you would like to ask a question or comment on anything I have written here please contact me via Twitter at @oracuk, if you can please link back to the post in question in your tweet.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 United States License.