The Principles of a Safe Secure & Intelligent (S2I) Communications System

And that’s it. That is the entire basis for developing these principles, the rules of the road, these guiding lights, so that we can protect these systems we so dearly rely on.

What is a principle? The “know all” (aka, Google) tells us a principle is: “a fundamental truth or proposition that serves as the foundation for a system of belief or behavior or for a chain of reasoning.”

What is a communication system? The other “know all” (aka, Wikipedia) tells us a communication system is: “In telecommunication, a communications system is a collection of individual communications networks, transmission systems, relay stations, tributary stations, and data terminal equipment usually capable of interconnection and interoperation to form an integrated whole.” Continue reading “The Principles of a Safe Secure & Intelligent (S2I) Communications System”

Highlights From the World Economic Forum’s ‘Global Risks Report 2018’

This year, cyberthreats figure prominently along the various global risks found in our increasingly complex and interconnected world. It makes it a perfect New Year’s gift for chief information security officers (CISOs) to share with their business leaders as a way to examine common concerns and build trust through stronger communication and engagement on a topic that is critical to the survival of organizations around the world.

First came the New Year’s Eve parties, followed by New Year’s resolutions and, finally, the annual meeting of global elites at the World Economic Forum (WEF) in Davos, Switzerland, on January 23–26. Just ahead of the event, the WEF released its “Global Risks Report 2018,” a compendium of data points and analysis about the state of economic health around the world.

The report, partly based on a survey of about 1,000 of its members conducted during the second half of 2017, covers all major categories of risk, including economic, environmental, geopolitical, societal and technological. The top four concerns include recurring themes, such as inequality and unfairness, political tensions within and between countries, the environment, and cyber vulnerabilities. It is across this spectrum of global risks that the report warns of “the increased dangers of systemic breakdown,” due in part to our increasing dependence on technology. Continue reading at SecurityIntelligence.com

Is Your CISO a Jedi Warrior, an Admiral or a Diplomat?

The CISO as a security leader must be multitalented, one minute conversing with the top leadership about strategies and alliances — much like the Admiral and the Ambassador would do — and the next minute directing the alliance’s response to new threats with the precision of a Pilot. And all the while, they must be using their knowledge of the organization’s defenses and that of enemy weapons, the threats and tools at the disposal of attackers today, to ensure a healthy balance.

As fans of “Star Wars,” we’ve watched a multitude of characters evolve on the screen and rise to the challenge posed by dark and powerful enemy forces. Jedi warriors, Wookiee warriors, fighter pilots, and an array of diplomats and military commanders have fascinated us for four decades.

Meanwhile, back on planet Earth, in this decade, we too are left fighting dark and powerful enemy forces. It’s only natural to wonder which of these types of characters would best serve as chief information security officers (CISOs) for our organizations to defend us from the threats of a digital empire that continues its relentless expansion and threatens our organization’s very survival.

Let’s take a look at some traits from the “Star Wars” characters we’ve grown to love and explore how those might be applicable to CISOs today.  Continue reading at SecurityIntelligence.com

Calculating the Costs of a Cyber Breach: Becoming the “Antifragile” Cyber Organization

What is worrying us is the intangible like human interaction with and dependence on machines, human decision-making…In this space, we actually feel we are doing the opposite of getting better; instead, we are getting worse. We are becoming even more fragile.

The 2017 Ponemon Institute Cost of a Data Breach Study found that the cost of a data breach is going down, but the size of a data breach is going up. Additional key findings included the following:

  • The average total cost of a data breach decreased from $4.00 to $3.62 million.
  • The average cost for each lost or stolen record containing sensitive and confidential information also decreased from $158 in 2016 to $141. (The strong USD played a role in reducing the costs.)
  • The average size of the data breaches investigated in the research increased 1.8 percent.

Okay, so what does all that mean? Good news? Bad news? Mixed news?

Continue reading “Calculating the Costs of a Cyber Breach: Becoming the “Antifragile” Cyber Organization”

Local LinkedIn pick as cybersecurity guru talks trends

I think government has traditionally been way behind on procurement issues and recently, enactment of legislation for modernization has taken place. They’re trying to replace a lot of legacy systems.

Our guest today was recently named by LinkedIn as one of the top five people to follow in cybersecurity issues among their 500 million members. He was also just selected by LinkedIn to be an advisor on cybersecurity and emerging technology issues, and we’re lucky enough to have him here in the studio: Chuck Brooks of Chuck Brooks Consulting. Chuck, thanks for joining us. Continue reading “Local LinkedIn pick as cybersecurity guru talks trends”

Four Key Lessons From NACD’s ‘2018 Governance Outlook’ About Managing Cyber Risks

“Being ‘secure’ is not a static end state that lends itself to inflexible compliance checklists; it requires a constant evaluation of risk relative to a rapidly evolving cyberthreat landscape.”

In mid-December 2017, the National Association of Corporate Directors (NACD) published its “2018 Governance Outlook: Projections on Emerging Board Matters” report, designed to highlight key areas of focus for board directors in 2018. It also offered recommendations for improving enterprise risks, including a section dedicated to cyber risks.

Four Key Takeaways From the NACD’s ‘2018 Governance Outlook’

The report — and the underlying NACD Public Company Governance Survey — found that only 49 percent of board directors are confident about management’s ability to effectively handle cyber risks. In the same vein, since there are increasing calls for cyber risks to be integrated within the enterprise risk management (ERM) system, 58 percent said it was important or very important for their boards to improve oversight of risk management in the coming year. Continue reading at SecurityIntelligence.com

Treat Your Data Like Cash

Information is just another form of currency (arguably, the most valuable), which is why if you believe in the old saying “cash is king” then we should really start thinking “data is king” also.

How annoyed are you when you find out you lost some cash?  Whether it is a few bucks in your jeans pocket or that “emergency stash” under the mattress, losing that “cold hard cash” is a feeling that always twists your stomach.  Sometimes you blame yourself.  Sometimes you blame others.  Depending on the amount lost, your emotions could range from the standard “how could I be so stupid?” to a profanity-laced tirade that is not suitable for print here.

Question: do you feel the same way when you experience credit card fraud?  My instinct is that while you would feel some sort of violation and negative feelings, it’s just not “the same” as losing cash. Continue reading “Treat Your Data Like Cash”

Where the CISO Should Sit on the Security Org Chart and Why It Matters

To ensure that the CISO is so empowered, top leadership must view and treat security as a strategic element of the business. In other words, they must view cyber risks as strategic risks. Internal collaboration with the security function should be supported and strongly encouraged at all levels of the organization.

In early 2016, boards were starting to take cybersecurity more seriously and, in the process, increasing their interactions with chief information security officers (CISOs). How much has changed in the past two years? To whom do CISOs report today, and why does it matter?

The State of the Security Org Chart in 2018

In the latest edition of its “Global State of Information Security Survey,” PricewaterhouseCoopers (PwC) found that 40 percent of CISOs, chief security officers (CSOs) or other equivalent information security executives report to CEOs, while 27 percent report to board directors, 24 percent report to a chief information officer (CIO), 17 percent report to a CSO and 15 percent report to a chief privacy officer (CPO). Since PwC’s numbers add up to more than 100 percent and the actual survey questions aren’t provided, these numbers likely include dotted lines of reporting in addition to direct reports. Continue reading at SecurityIntelligence.com

How Courts & Attorneys View ‘Reasonable Cybersecurity’ in 2018

Does your company truly care about cybersecurity, or is it just going through the motions and asking you to check off the boxes?

Cybersecurity attorney Shawn Tuma tells us that courts and attorneys are getting pretty good at determining the difference—which can impact the cost of litigation in a major way after a cyber incident.

It is 2018 and you must be able to show your work toward “reasonable cybersecurity.” In part 1 of this report, Tuma shared the high-level answer to what “reasonable cybersecurity” is. Now, in part 2, he offers specifics on what you must be doing, at a minimum, to secure your business.

Continue reading to watch the video. Continue reading “How Courts & Attorneys View ‘Reasonable Cybersecurity’ in 2018”

What Is Reasonable Cybersecurity?

But what, exactly, is the standard for reasonable cybersecurity? What does that look like or feel like within an organization?

The term “reasonable cybersecurity” gets batted around all the time.

We’ve heard InfoSec leaders talking about it at SecureWorld cybersecurity conferences across the United States.

And we know that if you have it, it can help limit liability damages after a breach.

We asked well-known cybersecurity attorney Shawn Tuma, of Scheef & Stone, LLP, what you should be aiming for in 2018. Here is his 90-second answer:  Continue reading “What Is Reasonable Cybersecurity?”