Category: AI in news
This year at RSA, I saw many vendors offering “deceptive defense” solutions. Whether folks were buying them is another matter. The concept of using deception in warfare goes back to the dawn of time. Thousands of years ago, Sun Tzu wrote that “all warfare is based on deception.”1 IT deception as a hacking defense has…
Read MoreThose of us with experience in IT security know there are some risks we just can’t mitigate. In such cases, many of us seek out risk transference through cyber insurance. Case in point: When a well-financed mercenary hacking team overwhelms our defenses, we need a remedy to make us whole and keep the business afloat.…
Read MoreBeyond the overall status of the program, you need be able explain cyber risk in terms that executives can understand. Keep it simple and remember this important nuance: many people don’t realize that risk has two components: likelihood and impact. For example, some people tend to react to catastrophic impacts (what are we doing…
Read MoreBefore you can go beyond something, you have to get there first. The perimeter’s imminent demise has been forecast by any number of people and, to a certain extent, they have a point. Once you start placing lots of gates in your fence and move half your livestock outside of it, you start to wonder…
Read MoreExecutive impersonation scams are on the rise, costing businesses billions of dollars annually. Organizations of all sizes can be targeted and fall victim to these crimes. Understanding how these crimes are committed and the numerous variations and vectors of attack will help reduce the possibility that your organization will be victimized. Overview Let’s face it,…
Read MoreSometimes we all feel like we’re losing the security game. But, just like when you’re losing the Craft of Minewar, you can use add-ons to energize your security game. Here are seven definitive things you can put into your security program to guarantee a winning score. 1. Filter inbound Internet app access. You are often…
Read MoreThe constructs of a business model canvas are rooted in scientific modeling, business modeling, and system information modeling—all driven by logic. The business model canvased is modeled using the following: Inputs (This is what we want to do) What are our goals and objectives? (Value Proposition) Who and where do we need to engage…
Read MoreWhat better way to diagnose a failed security program than to point at an inferior assessment of risk? If an organization omits or misjudges a critical risk, then the decisions that flow from that finding will be incorrect. A problem with standardizing risk assessment is that the measurement of relevant risk is going to…
Read MoreAll too often, I hear colleagues wax poetic on the disdain their directors and managers have towards the mission of cyber security. I’m always eager to provide some sage couples counseling wisdom toward these difficult relationships between CISOs and their colleagues. 1. Designate FUD as your Friend rather than Adversary Someone once said that Fear,…
Read MoreAh, CISOs. Such magnificent and noble creatures. There’s such a wide variety in the wild that you might have a hard time believing they are all part of the same species. Let’s take a short field expedition to familiarize ourselves with a few common varieties. And wipe all that sunscreen off your face, you won’t…
Read More