With companies like Nehemiah Security and Darktrace increasingly relying on Artificial Intelligence (AI) to protect networks, what happens when AI starts looking after the machines? In the world of Elon Musk, this puts us one step closer to the ‘singularity’ when AI will surpass humans. It raises the questions of whether AI can be trusted and whether it can be bypassed or e [...]Keep Reading
Don’t have time to read? Start listening to this blog post now:
It is time to sunset the practice of producing reports for reporting’s sake to satisfy regulators. Organizations need to go beyond just producing reports to continuous monitoring of their compliance position. Automation becomes key here. In my post I discuss how to make the compliance process more efficien [...]Keep Reading
If you have not read Part One of our two-part blog series on Key Risk Indicators, we advise you to do so before reading on. There you will gain an understanding of what KRIs are, why they are important for your business, and what makes a good KRI. Now let’s take this a step further:
How does one develop KRIs?
How does one report on and adjust KRIs?
What is next?
Don't have time to read? Start listening to this blog post now:
The holy grail for cyber is to measure and communicate risk in financial terms and come up with a mitigation plan that works for security professionals, all while speaking to the CEO, CFO and the board. The good news is that the basic formula for figuring this out is simple:
Yet that formula does not [...]Keep Reading
You may have already heard about the term “Key Risk Indicators” (KRIs), and if not, it is pretty self-explanatory. The real issue is: Are you actually using them to power your business goals for the year? The three questions asked when first establishing KRIs are:
What do KRIs really mean from a security standpoint?
Why are KRIs important for my business?
What ar [...]Keep Reading
How valuable would it be to foresee the future? And would you want to change the future if you could? Those are two questions that came up at the 2017 Splunk conference I attended in Washington D.C. At one of the booths at the conference, I had the opportunity to vote for the best super hero power: the ability to be a Splunk Ninja or the ability to predict the future. When I ch [...]Keep Reading
Security Risk Management (SRM) is an exercise in evaluating past failures and contemplating unknown future failures of systems, people, processes, and external events. The SRM exercise is to analyze all of this with the aim to: 1) advance and enforce cyber best practices, and B) develop mitigation strategies to prevent or avoid the risks of failure. SRM has bitten off a big mis [...]Keep Reading
Like many of you, I’ve just gotten back from Black Hat USA 2017. Black Hat was the best conference I’ve ever attended—the energy, the level of interest was unlike anything I’ve ever experienced. I spent three solid days talking with security staff of all levels, and they are wrestling with two distinct buckets of problems:
Vulnerabilities: This includes thousands of [...]Keep Reading
Mike Tyson once famously said, “Everybody has a plan until they get punched in the mouth.”
Recent headlines shine a spotlight on an important issue facing the cybersecurity market today: proving cyber defense performance is difficult. It is what has gotten Tanium in trouble for allegedly using a live customer environment to demo. It is also what has gotten Cylance in tro [...]Keep Reading
I see a set of trends in the world that seem to be colliding. First, the world is becoming digital. By the end of 2017, IDC projects that over two-thirds of CEOs of Global 2000 companies will have Digital Transformation at the center of their strategy. It has already happened in industries like healthcare and finance. The second trend is what I call Cyber Escalation. Cybercrimi [...]Keep Reading