Posts Tagged ‘Cyber Security’
Cybersecurity Thrives in An Organizational Context
It is common knowledge that you cannot define the security of anything without understanding its context. It is also true that to improve your organization’s security posture you need to understand that organization. Over 50% of CISO’s still report to the CIO function. This blog post outlines, in Mind Map format, the activities of the…
Read MoreUnderstanding Intelligence
It is obvious that cybersecurity will continue to play an important part in national security. But as a Washington outsider, it is difficult to see inside government policies and organizations that are responsible for this security. Michael Hayden has taken a significant step in providing this insight through his recent book, Playing to the Edge (2016). …
Read MoreAlign Your Security Program With the Business
Information security used to be part of IT. That has changed recently; security now needs to be independently aligned with the business operations, not just IT operations. The PCI SSC calls this “Business as Usual” (BAU). NIST CSF talks about aligning cybersecurity requirements with business activities. I call this process information security governance and maintain…
Read MoreLocking Up the Ivory Tower
Universities are traditionally open, without all of the information security controls that are implemented in the corporate environment. Not surprising, given that the term university means community. It is hard to build community with overly restrictive security controls. Now, however, the New York Times reports that universities are under increasing attack from cybersecurity threats—“Universities Face…
Read More