Skip to content
  • About
  • Resilience
  • Analytics
  • Architecture
  • Testing
  • Management
  • Risk
  • Other
A black swan

Black Swan Security

A blog about cybersecurity.

Category: Resilience

March 19, 2018March 19, 2018 Phil

Long tails and poverty lines; cyber risk in the supply chain

Management, Other, Resilience

This week I’ve been attending the third cybersecurity roundtable hosted by the Institute of International Finance (IIF) at their 2018 IIF G20 Conference. The roundtable itself included a good discussion with regulators and firms as well as a summary of the IIF paper on cyber regulatory fragmentation. This paper is…

Read More
February 16, 2018February 21, 2018 Phil

Don’t over think cyber risk

Management, Resilience

I have been overthinking cyber risk. I’ve been trying to build a reliable model that I could rely on to mechanism my risk assessments. I’ll continue to refine my ideas because I enjoy the intellectual challenge. However, I am of the opinion that until we have the cybersecurity equivalent of…

Read More
November 30, 2017 Phil

A change to the cyber risk landscape

Architecture, Management, Resilience, Security

On June 27th 2017 a cyber-attack called ‘NotPetya’ was launched against a large number of firms. The attack was notable for three reasons; it used a third-party software update mechanism to spread, it was a geopolitically motivated destructive attack that caused extensive damage to uninvolved bystanders it used automated techniques…

Read More
October 9, 2017March 29, 2019 Phil

Do CISOs have a higher calling?

Management, Resilience
Do CISOs have a higher calling?

I believe the security profession is coming close to an inflection point. The growing dependence on technology in our increasingly digital societies, the systemic and personal harm that data breaches can cause and the real world consequences of failures in an IoT-driven physical environment mean that security failures are no…

Read More
April 3, 2017May 15, 2017 Phil

Not so basic but definitely essential.

Management, Resilience, Security

We keep talking about new shiny, and increasingly fragile, controls that will prevent attacks or fiendishly clever algorithms or AI to which we can outsource all that hard or fast thinking we’re not good at but we are all still staring down the barrels of a loaded data breach gun waiting…

Read More

Posts navigation

Older posts

Recent Posts

  • Managing Identity Consciously
  • Why I don’t like PIGs in Security Risk
  • Security Folkways and Deliberate Security Culture
  • Homebrew Monte Carlo Simulations for Security Risk Analysis Part 2
  • Open Security Summit 2020
  • What are we missing in risk?
  • Commercial & Government Cyber Conversation
  • Through the barricades..
  • Modern Security Risk Presentation
  • What are Information Assets?
  • Dressing up security with Bow-Ties
  • Asset Management Measurement for Cyber
  • Triage in Supply-Chain Cyber Risk Management
  • Security on the Bottom Line
  • What is Likelihood?
  • What is Information Security Risk?
  • Serious Business?
  • Invest in the CIO, before the CISO
  • Value of Security
  • Insider Risk Management

Tag Cloud

44con 27001 analytics architecture assurance big data board boardlevel ciso conference cyber cyber resilience cyber security cynefin data science engagement governance information security infosec leadership management measurement OODA pen testing principles protectivemonitoring regulation resilience resistance risk security security analytics security architecture zones trust securitymanagement security management security management cyber securitymonitoring security risk securitystrategy securitytest security testing strategy supply chain testing third-party

Meta

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org
Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 United States License.