DHS Taking Steps in the Right Direction on Cyber Risk Management

Posted on August 12, 2019 at 11:03 am

by Larry Clinton

Perhaps the one thing virtually everyone in the cybersecurity field agrees on is that, notwithstanding many laudable efforts, we are losing the fight to secure cyberspace. Illustrative of this reality, the Director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, Chris Krebs, has wisely commented we need a new […]

Mandatory Cybersecurity Training for Congress: What Kind of Training?

Posted on July 31, 2019 at 9:52 am

by Larry Clinton

Last week, the bipartisan Select Committee on the Modernization of Congress issued a list of two dozen recommendations designed to “make Congress more reflective and responsive to the American people.” One recommendation stands out as particularly timely, visionary and practical: “Making cybersecurity training mandatory for Members.” Finally, a cybersecurity mandate that makes […]

Capital One Breach Highlights the Danger of Insider Threats

Posted on July 30, 2019 at 1:27 pm

by Josh Higgins

When companies think about cybersecurity threats, they often think of a hacker in some far-off place using sneaky tactics to gain access to their systems. However, Capital One’s announcement Monday of a major data breach highlights another major, yet often overlooked, cyber threat: The insider. Similar to other cyber incidents, the newly […]

Accountability in Cybersecurity is a Two-Way Street

Posted on July 29, 2019 at 11:48 am

The biggest story in cybersecurity this past week was the eye-popping $5 billion (that’s billion with a B) fine the FTC placed on Facebook for not adequately fulfilling its responsibilities to protect its consumers’ data. Probably just as painful to Facebook, and its CEO, as the fine itself is having to publicly acknowledge their […]

Regulators: Don’t Make the Same Cyber Mistakes Over Again

Posted on July 19, 2019 at 2:27 pm

It’s not news that cyber-attacks are increasing both in number and sophistication and that the increasing criticality of the attack methods demands increased attention, especially with respect to critical infrastructures. Also, due to the uniqueness of information systems, the speed with which attack methods and technologies change, the traditional regulatory model has been deemed to […]

MAN BITES DOG: State Regulators Want Cyber Reg Reform

Posted on June 26, 2019 at 1:31 pm

Yesterday Congressman Cedric Richmond, Chair of the House Homeland Subcommittee on Cybersecurity, Infrastructure Protection and Innovation, announced in the wake of the recent ransomware attacks on local jurisdictions like Atlanta and Baltimore that he is going to propose a series of legislative efforts to assist the municipalities because “we can’t expect under-resourced, understaffed, state and […]

Brush with Greatness: A Chat with a Man Who May Be the Tipping Point Toward Effective Cybersecurity

Posted on June 21, 2019 at 10:47 am

by Larry Clinton

The greatest cyber risk an organization can have is doing a faulty cyber-risk assessment. This is one of the key insights from Doug Hubbard’s paradigm-shifting book “How to Measure Anything in Cybersecurity Risk”. While in Chicago this week to do a series of Master Classes on the Economics of Cyber Risk for […]

Corporate Directors Take the Next Step on Cybersecurity: Where’s Congress?

Posted on June 18, 2019 at 11:27 am

by Larry Clinton

In Chicago this week the National Association of Corporate Directors (NACD) will host the first in a series of nationwide events on the economics of cybersecurity. The courses start with a brief discussion of the now well-known existence of cyber-attacks on enterprises. However, they quickly move beyond the problem and instruct board […]

We Need Sensible Cybersecurity Regulations – More Is Not Necessarily Better

Posted on June 12, 2019 at 11:08 am

by Larry Clinton

When the ISA published the Cybersecurity Social Contract three years ago, one of the facts we documented was that some in critical industries were being forced to divert between 30%-40% of their scarce cybersecurity resources to largely redundant regulatory compliance. This fact highlights the twin maladies of undermining efforts to strengthen cybersecurity without improving either […]

Experts from GE and FIS Help Students Deal with the Inevitable: Cyber Attacks

Posted on June 6, 2019 at 11:00 am

Once upon a time, industry experts would caution students and conference attendees that with cyber-attacks, it was not a question of if, but when. That adage has now matured into a more modern version: There are only two types of companies — those who know they have been successfully compromised, and those that don’t know […]