Cybersecurity Thrives in An Organizational Context

It is common knowledge that you cannot define the security of anything without understanding its context. It is also true that to improve your organization’s security posture you need to understand that organization. Over 50% of CISOs still report to the CIO function. This blog post outlines, in Mind Map format, the activities of the…


Understanding Intelligence

It is obvious that cybersecurity will continue to play an important part in national security. But for a Washington outsider, it is difficult to see inside the government policies and organizations that are responsible for this security. Michael Hayden has taken a significant step in providing this insight through his recent book, Playing to the Edge (2016). …


Align Your Security Program With the Business

Information security used to be part of IT. That has changed recently; security now needs to be independently aligned with the business operations, not just IT operations. The PCI SSC calls this “Business as Usual” (BAU). NIST CSF talks about aligning cybersecurity requirements with business activities. I call this process information security governance and maintain…


Locking Up the Ivory Tower

Universities are traditionally open, without all of the information security controls that are implemented in the corporate environment. That is not surprising, given that the term university means community; it is hard to build community with overly restrictive security controls. Now, however, the New York Times reports that universities are under increasing attack from cybersecurity threats—“Universities Face…
