Cybersecurity has traditionally and overwhelmingly focused on resistance to cyber attack: development and deployment of cyber controls that limit the extent and mitigate the impact of attacks, with the core assumption being that the organisation will be able to prevent most attacks, and at worst, continue to function near-normally during an incident and…
Category: Resilience
Cyber Resilience: Part One Introduction
This blog series is a re-tooling of a white paper I drafted in May 2015 while working at Stroz Friedberg. I want to thank Stroz Friedberg for the support and time to develop these ideas and specifically want to thank Bill Trent and Simon Viney from Stroz Friedbergs London office for…
Security Operations and the OODA Loop
I’ve mentioned Boyd’s OODA loop in a previous post but I thought it would make sense to share how I view the OODA loop driving the development of security operations. This is in contrast to the common derivation of the Deming cycle, that is often used in security programmes: Plan, Do, Check,…
Resilience is the new cyber security
This was a short introductory presentation I gave at the Investment Week Fund Management Summit in October 2015. This was a 30 minute presentation to a non-specialist and in some cases non-IT audience and as such it is higher-level and much of the material was discussed verbally rather than on…
Cyber Resilience: Managing Cyber Shocks
These are the slides supporting a presentation on the need for and the concepts behind Cyber Resilience and how it differs from Cyber Resistance. I talked about these concepts previously in the ICI Global Cyber Security Forum keynote I delivered and my notes from that speech are available here.