South Korea Olympics: Cyber lessons learned from the Past

This post has been featured on Help Net Security. Click here for the article link. Summary: In this post, we discuss the possible cyber threats facing the upcoming Olympic Games in South Korea and share lessons learned from our experience with the Sochi Olympics in Russia 4 years ago, as well as the Olympics in Rio.

Keep Reading

The Cyber World Is Big—Put Your Slippers On, Folks!

Don't have time to read? Start listening to this blog post now:   I fancy myself the Elle Woods of cyber. Before cyber, I worked in the fashion industry as a personal stylist. My job was to guide clients through the daunting and foreign world of clothing, often building out their wardrobes from the ground up. First two steps were always: 1) get to know them, and [...]

Keep Reading

Cyber Risk Quantification: Computing Asset Value

Don't have time to read? Start listening to this blog post now: If you have not yet read the intro to this blog series on Security Risk Management ("Intro To Measuring, Assessing And Mitigating Security Risk"), please start there.   Computing the value of your assets is essentially you asking the question “How much could I lose if those assets are compromised? [...]

Keep Reading

Wake up Cyber World: Adversary Tactics to Watch Out For

Don't have time to read? Start listening to this blog post now: What does an adversary know about your company before they initiate an attack? Better yet, WHO have they contacted within your company before they initiated an attack? The answer may surprise you. The reconnaissance performed by an adversary has always been one of the keys to their success, but the information [...]

Keep Reading

Guest Post: Should you consider AI to look after your network

With companies like Nehemiah Security and Darktrace increasingly relying on Artificial Intelligence (AI) to protect networks, what happens when AI starts looking after the machines? In the world of Elon Musk, this puts us one step closer to the ‘singularity’ when AI will surpass humans. It raises the questions of whether AI can be trusted and whether it can be bypassed or e [...]

Keep Reading

Automating the GRC Checkbox Game

Don’t have time to read? Start listening to this blog post now: It is time to sunset the practice of producing reports for reporting’s sake to satisfy regulators. Organizations need to go beyond just producing reports to continuous monitoring of their compliance position. Automation becomes key here. In my post I discuss how to make the compliance process more efficien [...]

Keep Reading

Key Risk Indicators, Explained: Part Two

If you have not read Part One of our two-part blog series on Key Risk Indicators, we advise you to do so before reading on. There you will gain an understanding of what KRIs are, why they are important for your business, and what makes a good KRI. Now let’s take this a step further: How does one develop KRIs? How does one report on and adjust KRIs? What is next? [...]

Keep Reading

Intro to Measuring, Assessing and Mitigating Security Risk

Don't have time to read? Start listening to this blog post now: The holy grail for cyber is to measure and communicate risk in financial terms and come up with a mitigation plan that works for security professionals, all while speaking to the CEO, CFO and the board. The good news is that the basic formula for figuring this out is simple: Yet that formula does not [...]

Keep Reading

Key Risk Indicators, Explained: Part One

You may have already heard about the term “Key Risk Indicators” (KRIs), and if not, it is pretty self-explanatory. The real issue is: Are you actually using them to power your business goals for the year? The three questions asked when first establishing KRIs are: What do KRIs really mean from a security standpoint? Why are KRIs important for my business? What ar [...]

Keep Reading

Splunk Conference Spotlight: Predicting the Future of Cyber Risk

How valuable would it be to foresee the future? And would you want to change the future if you could? Those are two questions that came up at the 2017 Splunk conference I attended in Washington D.C. At one of the booths at the conference, I had the opportunity to vote for the best super hero power: the ability to be a Splunk Ninja or the ability to predict the future. When I ch [...]

Keep Reading