Cybersecurity has traditionally and overwhelmingly focused on resistance to cyber attack: development and deployment of cyber controls that limit the extent and mitigate the impact of attacks, with the core assumption being that the organisation will be able to prevent most attacks, and at worst, continue to function near-normally during an incident and…
Tag: cyber
Cyber Resilience: Part One Introduction
This blog series is a re-tooling of a white paper I drafted in May 2015 while working at Stroz Friedberg. I want to thank Stroz Friedberg for the support and time to develop these ideas and specifically want to thank Bill Trent and Simon Viney from Stroz Friedberg's London office for…
A Rising Tide of Cyber Regulation?
I don’t envy regulators their task of ensuring the firms they supervise are managing their cyber risk well. The increasing dependence of firms and whole sectors on information technology (IT) and operational technology (OT) was always a creeping concern but has accelerated dramatically as a result of the ‘digital’ movement…
Security Operations and the OODA Loop
I’ve mentioned Boyd’s OODA loop in a previous post but I thought it would make sense to share how I view the OODA loop driving the development of security operations. This is in contrast to the common derivation of the Deming cycle, which is often used in security programmes: Plan, Do, Check,…
Board of Cyber
I have a lot of sympathy for UK boards of directors. UK boards of directors have had cyber pushed onto their agenda by the government, regulators and the Financial Times for several years. Unfortunately many board members are often ill-equipped to fully understand the executive decisions regarding cyber they have now…