Archives

Cyber Risk Management Chronicles, Episode VII From a regulatory perspective, many industries have been living in the land of milk and honey as cyber programs have largely been guided by voluntary measures. However, regulator’s patience has grown thin with the public private partnership / voluntary measures approach and, as a result, cybersecurity regulation is on […]

Cyber Risk Management Chronicles, Episode VI Let’s talk about the “New Cybersecurity Triad.”  We’re all pretty familiar with the venerable C-I-A Triad whereby secure data exhibits the characteristics of Confidentiality, Integrity, and Availability. But today’s cybersecurity challenges demand we recognize another triad critical to success: interaction among boards, CIOs, and CISOs. In many sectors, CIOs […]

Cyber Risk Management Chronicles, Episode V Cybersecurity programs must be tested on a routine basis. It takes significant time and effort to develop a cybersecurity program.  The efficacy of a program is only theoretical until thorough testing is conducted.  One of the most effective ways to test a program is by conducting tabletop exercises. Such testing can […]

Cyber Risk Management Chronicles, Episode IV The CyberSecurity Framework (CSF) was created to solve a pernicious problem – repeated, damaging cyberattacks against US critical infrastructure sectors. The danger was such that President Barack Obama directed a federal agency, the National Institute of Standards and Technology (NIST), to develop a framework to reduce cyber risks to […]

Cyber Risk Management Chronicles, Episode III The reality of finite resources means cybersecurity programs that attempt to ‘boil the ocean’ – protect everything at once – are destined to fail. Risk-based cybersecurity programs are the solution. With such an approach, priorities are established via risk risk-based decisions grounded in analysis of actual threats. Not only is resilience […]

Cyber Risk Management Chronicles, Episode II Risk management is the process of minimizing or mitigating risk. It begins with identification and evaluation of the various types of risk that an organization faces, determining the probability that these risks will occur, estimating their potential impact, and determining optimal use of resources to monitor and minimize the […]

Cyber Risk Management Chronicles: Episode 1 All organizations are at different stages of cybersecurity risk management program development. These stages range from one end of the spectrum, where cybersecurity is not a consideration at all, to the opposite end where the organization has a holistic and proactive cybersecurity approach. Given that cybersecurity is an ongoing […]