Risk-Based Security for Executives
CEOs Will Be Personally Liable for Cyber-Physical Security Incidents by 2024
Digital attack attempts in industrial environments are on the rise. In February 2020, IBM X-Force reported that it had observed a 2,000% increase in the attempts by threat actors to target Industrial ...
Plights of the Round Table – Strategic Lessons from the Casino
In Part 1 of the Plights of the Round Table, the executive staff of Camelot was working on the strategic plan for the following year. Morgan, the CEO, needs to decide how ...
Plights of the Round Table – A Tale of Weighing Risk
Chapter 1: In an ornate boardroom, a group of executives gathered at a large round table for their annual strategic planning meeting. Morgan, the CEO, was surrounded by Lana, the VP of ...
Modern Skills for Modern CISOs: Your Questions Answered
Sometimes your best intentions are thwarted by technology. That was the case when Thom Langford and I attempted to do a Q&A session after our webinar “Modern Skills for Modern CISOs.” Unfortunately, ...
The Language of Risk: Bridging the Disconnect between the C-Suite and Cyber Security Experts
With data breaches regularly marking the headlines, it is no surprise that digital threats constitute an increasingly significant concern for the C-Suite and cyber security experts. What is surprising, however, is that ...
Cybersecurity Hygiene: Not a Dirty Little Secret for Long
In October 2018, FICO (a consumer credit scoring specialist) began scoring the cybersecurity of companies based upon a scan of internet-facing vulnerabilities. FICO grades companies using the same scoring that is ...
Cybersecurity Is Every Leader’s Job
Every organization is led by people who are responsible for setting the overall direction, establishing priorities, maintaining influence over organizational functions and mitigating risks. Given the wide range of organizational types across ...
Why You Need a Concrete Incident Response Plan (Not Strategy)
Recently, I had the privilege to be part of a four-person discussion panel at a security event in London where the topic was about incident response. The panel was hosted by another ...
Security vs. Compliance: What’s the Difference?
Security and compliance are often said in the same breath as if they are two sides of the same coin, two members of the same team or two great tastes that go ...
Redefining the Meaning of Operational Risk
The definition of “operational risk” is variable, but it generally covers the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. I, however, want ...

