Do you want to build a dashboard?

‘Do you want to build a dashboard?’: Building a risk-based cybersecurity dashboard to improve executive decision-making Most organizations have an executive dashboard for cybersecurity. Unfortunately, most are designed and built by the IT organization, and most focus on compliance and maturity rather than on what truly matters – risk mitigation. Even worse, most provide little ability to drive effective executive decision-making. Let’s start with a very simple premise: cybersecurity is a business enabler. If risk is well understood within an organization, it will have been quantified in dollars. Cybersecurity, then, […]

by Joseph Socolof
Contributing Editor

The Cyber Skim: Top Monthly Articles for January 2020, Part 2

Cybersecurity: A guide for parents to keep kids safe online – ZDNet Security Being a parent can be a rewarding but stressful endeavor, and in today’s networked world, it is not just physical risks to children that have to be considered in modern parenting strategies. Editor’s note: A great reminder that good cyber hygiene begins at home.  READ MORE Mandatory IoT Security in the Offing with U.K. Proposal – Threatpost The new U.K. law mandates that manufacturers apply several security controls to their connected devices. The U.K. government has unveiled […]

by Dawn Dunkerley
Contributing Editor

CISO New Year’s Resolutions

CISO New Year’s Resolutions…is 2020 the year your organization finally makes security a business driver? And how would you know? It’s usually right about now when my New Year’s resolutions start to waver.  So I thought it would be a good time for all of us in cyber to take stock of how we’re doing so far in 2020. This article from Dark Reading offers a good place to start: 1. Resolve to Make Security a Business Driver 2. Resolve to Prioritize Privacy 3. Resolve to Focus on the Human […]

by Bret Bergman
Contributing Editor

Let’s speculate

Let’s speculate wildly on the year(s) ahead in cyber… Do you want to hear something freaky? The US Navy has a weapons system with destructive powers so great Dr. Doom and Lex Luthor would both find themselves blushing. Ok, that isn’t news but what may be of interest is the rumor that such a system runs on Windows XP. (note to the US Government; this is just a corroborated rumor I have heard and nothing more) … For those not following the RSS feed from Microsoft Corp, they stopped supporting […]

by Richard Berkley
Contributing Editor

No shortcuts, just good management

I have been supporting organizations through transformations for 20 years. If there is one common thread it is that they are all looking for a silver bullet – buy something, install technology, hire or fire someone, re-organize. The fact is, there is not an easy answer. Read the research about the success rates of transformation, including digital transformation, and you will see that they all say the same thing: ‘75% of transformations fail’. The truth is, if people actually bothered to measure their cyber programs, they would realize that 75% […]

by Joseph Socolof
Contributing Editor

The Cyber Skim: Top Monthly Articles for January 2020

6 CISO New Year’s Resolutions for 2020 – Dark Reading We asked chief information security officers how they plan to get their infosec departments in shape next year.  Editor’s note: Great recommendations that, as a CISO myself, I will personally be focusing on in 2020 and beyond.  READ MORE Hacking School Surveillance Systems – Schneier on Security Lance Vick suggesting that students hack their schools’ surveillance systems. “This is an ethical minefield that I feel students would be well within their rights to challenge, and if needed, undermine,” he said. […]

by Dawn Dunkerley
Contributing Editor

Cyber OT governance…what’s the right answer?

Who is accountable?  As we help our industrial clients operationalize cyber security and harmonize IT and OT, this question is always front and center.  This article from Verve offers a thought-provoking perspective on OT cyber governance and lays out five principles for establishing the right governance model for OT cyber security in your organization. It’s a very worthwhile read and whether you completely agree with Verve’s perspective or not, I believe you will find it thought provoking. The perspective I found most intriguing was “there is no ‘single point of […]

by Bret Bergman
Contributing Editor

Let’s Salute Women in Technology and Grow the Workforce of the Future

This past Friday, I had the opportunity to attend and deliver a plenary speech at the Cyber Trainsitions Conference hosted by the University of Central Florida at the Orange County Convention Center in Orlando, Florida. My topic was “Integrating Women and Underrepresented Communities into the Cyber Workforce.” After discussing the contributions women and underrepresented groups have made to computer programming, we transitioned to a robust discussion over various initiatives to improve the number of women and minorities pursuing STEM education and careers.  Here are a few highlights: Primary and Secondary STEM […]

by Patricia Frost
Contributing Editor

The Cyber Skim: Top Monthly Articles for November 2019

Security pros explain Black Friday best practices for consumers and businesses – TechRepublic Consumers have to make sure not to fall prey to fraudulent coupons or deceptively spoofed retailer websites. Strong Black Friday and Cyber Monday sales crush fears of retail apocalypse but not cyber security concerns. The holiday shopping season is off to a record breaking start but analysts are reminding consumers to play it safe online.  Editor’s note: Practicing good cyber hygiene year-round is a must, but an interesting tidbit to note from this article is that credit […]

by Dawn Dunkerley
Contributing Editor

Keeping up or getting ahead?

Improving an organization’s cyber posture – i.e. continuously generating increased security at the lowest possible cost – requires that effective continuous improvement disciplines be ‘wired’ into the operating cadence of the business.  Building a cybersecurity program that continuously improves and keeps up with the changing threat landscape shares many of the core features of continuous improvement applied to other aspects of the business.  See what is possible – this is more relevant in today’s digital world where new vulnerabilities are being created and new threats are emerging every day. To determine […]

by Joseph Socolof
Contributing Editor

The Cyber Skim: Top Monthly Articles for October 2019, Part 2

Is AWS Liable in Capital One Breach? – Threatpost Senators penned a letter to the FTC urging it to investigate whether Amazon is to blame for the massive Capital One data breach disclosed earlier this year. Amazon is at least partly to blame for the massive 2019 Capital One breach that impacted more than 100 million customers, senators are alleging.   Editor’s note: This particular quote should bring pause to anyone who hands over their cyber security responsibility and visibility to a cloud provider – “Amazon knew, or should have known, that AWS was vulnerable to […]

by Dawn Dunkerley
Contributing Editor

“Wire” Cyber in from the Start

Manufacturing Engineer: “You want me to patch what? How often? Yeah, right…I can’t take these systems offline for even a minute, those patches are going to have to wait until our next planned shut in the spring…” Cybersecurity Manager: “Was that system that was breached compliant with our internal cyber specification?” Process Engineer: “What specification?” Plant GM: “Did the new remote sensing ecosystem project get approved for my plant?” VP of Ops: “Yes! Install starts tomorrow.” CISO: “Who signed off on it from Cybersecurity?” ALL: Silence…. Just about every one […]

by Bret Bergman
Contributing Editor

Cybersecurity Awareness Month – Top 10 Personal Cyber Hygiene Tips

It is cybersecurity awareness month and although we highlight cybersecurity this time of year, the top 10 tips for your individual security should be a daily cyber hygiene must for every one of us. Thought I would take the time to share with you what I tell my clients when asked:  1. Keep Your Software Up to Date & Use your Device Securely One of the most important cybersecurity tips to mitigate ransomware or other cyber intrusions is patching outdated software, both operating system and applications. This helps remove critical […]

by Patricia Frost
Contributing Editor

Did you just digitize yourself into astronomical risk?

Recently I was walking through a major US Airport and saw an advertisement for a multi-billion-dollar Management Consulting firm. It simply said: “Get digital or get left behind”. I couldn’t help but chuckle at the fear-selling clearly targeted at division managers and road warriors and think of all the urgency surrounding the need to revolutionize one’s business or be eviscerated in the marketplace. Let me get this out front before I’m accused of being a luddite who is only interested in human behavior: digitization is a great thing on balance! Ok, […]

by Richard Berkley
Contributing Editor

The Cyber Skim: Top Monthly Articles for October 2019

ANU cyber attack: How hackers got inside Australia’s top uni – Illawarra Mercury It’s been compared to Ocean’s Eleven – a cyber attack on Australia’s top university, methodically planned and then adapted on the fly by an “A team” of hackers who cracked into the personal records of 200,000 students and staff and walked away leaving virtually no trace.   Editor’s note: Cyber attacks are a global issue. This story indicates that universities – no matter where they reside – are at risk, and that an ounce of prevention is worth […]

by Dawn Dunkerley
Contributing Editor

What does good even look like?

Building a cyber program starts with knowing what good looks like. It is not some vague description, but rather the hard targets to which we will manage day-to-day and aspire in the longer term. Yes, it is hard to measure risk. No, that does not mean you shouldn’t try. Defining cyber security metrics and targets is no different than defining operational metrics and targets. Everybody knows the ‘what’: Define what matters – often this is defined as ‘knowing your critical assets’. In our view, this is inadequate. What matters is […]

by Joseph Socolof
Contributing Editor

The Cyber Skim: Monthly Top Cyber Articles for September 2019

No Quick Fix for Security-Worker Shortfall – Dark Reading Security professionals see acquiring skills as the way forward, but only half of companies are training their workers, with more continuing to search for highly-skilled employees. Editor’s note: Recruiting is only part of the battle; it’s still critical that you train and look for incentives to retain your cyber security professionals. Often the incentive can be quality training itself, conferences, even just simple appreciation for the work they’re doing. Invest in your high-performing personnel, and your program will flourish. READ MORE […]

by Dawn Dunkerley
Contributing Editor

The Sky is Falling…

“The sky is falling!  The sky is falling!” goes the famous line by Chicken Little (or Henny Penny for you Europeans reading this).  People in the cyber community have been accused of being “Chicken Littles” for predicting that cyber adversaries are going to bring down economies, if not our very way of life itself.  As a member of that community, I will readily admit the message can be overblown at times and even used as a classic FUD (Fear Uncertainty Doubt) sales technique in others. This does a great disservice to the real risk […]

by Bret Bergman
Contributing Editor

Blind Spots: The Consequences of Ignoring Industrial Assets When Developing a Cyber Strategy

We all have blind spots… I recently had the opportunity to spend an evening talking to a reporter about the cybersecurity vulnerabilities in operational technologies found in heavy industries. We started our discussion with the general questions about “how safe are we” which quickly moved into the quality discussion that everyone should be having on “how prepared are we”. We had a lively talk about “when” not “if” a breach happens and how quickly a heavy industrial company can respond and continue to function.  Operational impacts for a specific period of […]

by Patricia Frost
Contributing Editor

The Cyber Skim: Monthly Top Cyber Articles for August 2019

We Asked Def Con Attendees Why People Are Still Getting Hacked – This year’s Def Con, the world’s biggest hacking conference, was more sprawling than ever. Held annually in Las Vegas, the conference has grown over the last 27 years from a small gathering of hackers huddled into the Alexis Park hotel to a nearly 30,000-person swarm spread across multiple hotels on the Strip.  Editor’s note: Interesting insight from leading security experts; overwhelmingly they point to human failures as the root cause of vulnerability.  READ MORE Breached Passwords Still in Use By Hundreds of […]

by Dawn Dunkerley
Contributing Editor