Category: AI in news
The constructs of a business model canvas are rooted in scientific modeling, business modeling, and system information modeling, all driven by logic. The business model canvas is modeled using the following: Inputs (This is what we want to do) What are our goals and objectives? (Value Proposition) Who and where do we need to engage…
What better way to diagnose a failed security program than to point at an inferior assessment of risk? If an organization omits or misjudges a critical risk, then the decisions that flow from that finding will be incorrect. A problem with standardizing risk assessment is that the measurement of relevant risk is going to…

All too often, I hear colleagues wax poetic on the disdain their directors and managers have towards the mission of cyber security. I’m always eager to provide some sage couples counseling wisdom toward these difficult relationships between CISOs and their colleagues. 1. Designate FUD as your Friend rather than Adversary Someone once said that Fear,…

Ah, CISOs. Such magnificent and noble creatures. There’s such a wide variety in the wild that you might have a hard time believing they are all part of the same species. Let’s take a short field expedition to familiarize ourselves with a few common varieties. And wipe all that sunscreen off your face, you won’t…

There’s an expression in geekdom called “yak shaving” that refers to doing busywork that appears important but is actually useless. The essence is that yak shaving is easier to do than dealing with the actual problem at hand (which is often complex and hard).[1] Too Much Security Awareness Training There’s only so much security training…

In Part I of this blog series, we introduced information modeling as a method to reduce compliance gaps. In this blog, we create a master model of protection based on the business model of a fictitious company called Eclipse Cloud Services (ECS). The master protection model forms the basis of contextualizing access to the infrastructure,…

According to a 2015 study by Georgia Tech Information Security Center, 40 percent of CISOs reported to the CIO or CTO rather than directly to upper leadership.[1] A forthcoming F5 Ponemon CISO research report will show that the trend is shifting away from CISOs reporting into the IT organization. From a legacy point of view,…

F5 Labs recently featured a CISO-to-CISO blog post by an experienced auditor, Kyle Robinson, discussing how most organizations fail audits. I’ve been through quite a few audits myself, including a number by the author of that blog. Here are six ways to avoid the common audit failures he spelled out. Get Prioritization from the Top Until…

Can Engineers Build Networks Too Complicated for Humans to Operate? Part I: Scope of the Problem
- by nlqip
In this blog series, I explore the challenges of the information security practitioner, discussing how technical evolution simultaneously contributes new issues but presents new techniques for solving these issues. I begin with an academic question: Can humans create a system so large that the problems surrounding it are not solvable at human scale? There are…
It seems earthshaking vulnerabilities are released weekly that leave vendors and system administrators scrambling to remediate. So, where are all these vulnerabilities coming from? A simple search on the National Vulnerability Database shows over 3,300 new vulnerabilities released in just the past 3 months.[1] Granted that many of these vulnerabilities are esoteric and limited to…

Recent Posts
- Chinese hackers exploit Fortinet VPN zero-day to steal credentials
- Multiple Vulnerabilities in Palo Alto PAN-OS Could Allow for Authentication Bypass
- Brave on iOS adds new “Shred” button to wipe site-specific data
- Palo Alto Networks patches two firewall zero-days used in attacks
- Vulnerability Summary for the Week of November 11, 2024 | CISA