Is cybersecurity a problem to be dealt with or is it to be managed? (these questions were slightly changed from the presentation at RSA Conference in Asia – https://www.rsaconference.com/apj/agenda/how-to-tell-the-right-cyber-story-to-executives-and-board-members Ian Yip CEO of Avertro – he brings up some good questions. Let us delve a bit deeper into this question. Why should we care … Read more
Yesterday’s story comes to mind as well as others recently that puts this issue back to the forefront. You know that when your company name is in the news for a Cybersecurity breach because your files are publicized by hackers your Cybersecurity practices have not been very effective. “The ransomware gang pinched files, including AutoCAD … Read more
I have talked about the Psychology of Security as penned by Bruce Schneier (2019 post) – where he outlines the effect of the person trying avoid spending money if it is a risk to lose money, whereas in a casino we are willing to risk money to make more money. But in a company with … Read more
If you have a company that you own, and have some computers and other systems on a network, are you in charge of that network? Ultimately maybe you are _responsible_, but are you in charge of it? Or is it the computer users? or any user with a phone and device on the network? Is … Read more
There are many examples of high Cybersecurity risk tolerance – which show the executives not paying attention to Cybersecurity professionals until it is too late. Darkreading has another article on Cybersecurity burnout. The issue is the long hours many Security professionals have to perform and the general thankless jobs as they try to convince executives … Read more
