Cybersecurity Lessons from the Pandemic: Perception of Risk

The more “mature” among us may recall when decision-making under uncertainty was based on the concept of “rational economic man.” We estimated or calculated the probability and amount of a loss (or ...

Cybersecurity Lessons from the Pandemic: Models and Predictions

There are a number of different types of models—and the output from each must be viewed and used differently depending on the form of the model. First, you have relationships derived from ...

Truth, Trust and Cybersecurity Risk

It is a sad reflection on the times, but it is becoming increasingly difficult to distinguish among true and false “facts,” accurate and misleading interpretations, and personal and politically-expedient beliefs. In my ...

Cybersecurity Risk Management … Beyond the “Golden Period”

Where do we stand with the management of cybersecurity risk? Answer … Not in a good place. This position was further augmented upon reading an article in the January 23, 2020 Washington ...

Y2K … Two Decades Later

Why didn’t I use the title “Y2K at Twenty” for this column to match “The FS-ISAC at Twenty” that was posted on BlogInfoSec on January 6, 2020? Good question … easy answer ...
M&A

Managing Risk During an M&A

Build cybersecurity due diligence processes into your M&A strategy to protect your organization against security risks. A merger or acquisition can introduce security risks, sometimes years after the transaction is finalized. In ...
Security Boulevard

The Cybersecurity Paradox

In “Our Neurotic ‘Privacy’ Paradox” by Jennifer Senior, which appeared in The New York Times of May 19, 2019, the reporter makes the following statement: “Resignation [to the loss of privacy] also ...

The Why and Wherefore of Cybersecurity Risk

There is a song in Gilbert and Sullivan’s “HMS Pinafore” light opera that begins “Never mind the why or wherefore.” Perhaps that has been a problem all along with cybersecurity risk management ...