We keep talking about new shiny, and increasingly fragile, controls that will prevent attacks, or fiendishly clever algorithms or AI to which we can outsource all that hard or fast thinking we’re not good at, but we are all still staring down the barrels of a loaded data breach gun waiting…
Tag: security
The security opportunity in Digital
Four years ago I discussed some of the characteristics of cyber security that made the use of the term useful. This was at a time when the use of cyber security was widely derided by practitioners of IT security and Information Security. One of the common complaints was that Cyber…
Cyber Resilience: Part Five What next?
Cyber resistance clearly requires leadership and operational intervention from specialised cyber professionals. However, Cyber Resilience requires a broader institutional response that encompasses all aspects of the business. As such, it needs to be owned by the entire executive management of an organisation. “The Department encourages all institutions to view cyber…
Cyber Resilience: Part Four Companies’ Plans Must Include Both Resistance and Resilience
Resistance to cyber attack is undoubtedly valuable and can produce effective outcomes. However, resistance is expensive and there is a law of diminishing returns on the investments made in resistance. Moreover, because the preparations and mitigations employed in resisting attacks are often specific to particular, point-in-time threats, ongoing resistance is…
Measuring Black Boxes, part one
I have been attempting to capture the process or, to be more accurate, the heuristics of how I analyse security architectures. This was originally driven by the time it took me to document my conclusions and the lack of any particularly well-suited tooling, but has increasingly become an attempt to…