Antidote for Fake Everything

In this digital era, anything can be faked: followers, news, experts, emails and so on. The possibilities are limited only by the imagination of the faker. It turns out that these issues were addressed back in 1996 by Carl Sagan, the world-famous astronomer. His context was UFOs, but ...
Information Security Risks, Gray Rhinos and Black Swans

Information security over the past few years has been obsessed with zero-day vulnerabilities, hacking exploits and headline-making mega breaches. Every security risk manager is looking for the unknown unknowns that could result in untimely unemployment. But is that the right approach? One presentation and one book made me ...

Understanding Intelligence

It is obvious that cyber security will continue to play an important part in national security. But as a Washington outsider, it is difficult to see inside the government policies and organizations that are responsible for this security. Michael Hayden has taken a significant step in providing this insight through his ...

Align Your Security Program With the Business

Information security used to be part of IT. That has changed recently; security now needs to be independently aligned with business operations, not just IT operations. The PCI SSC calls this "Business as Usual" (BAU). The NIST CSF talks about aligning cybersecurity requirements with business activities. I call this process ...

Don’t fall victim to BEC

Business Email Compromise (BEC) continues to be one of the most successful information security attack vectors. Criminals steal the email addresses and passwords of C-level executives and then use this access to initiate fraudulent financial transfers from the executive's employer to the criminal's bank account. In this process the executive's ...

Enterprise Risk Management and Information Security

Enterprise Risk Management (ERM) has been around at least since the days of the Trojan Horse. Information security risk management can learn much from ERM and avoid reinventing the wheel. The National Association of Corporate Directors (NACD) made this clear in its 2014 handbook Cyber Risk Oversight. Principle #1 is ...