December 22, 2016

2016 retrospective – 8 scary predictions that came true

Looking back at our 8 Scary Security Predictions for 2016, what’s really frightening is how accurate they were! It’s time to start a side business in fortune telling… maybe there’s a certificate for that. Here’s a quick recap of our 2016 predictions and what actually unfolded: Back Doors Open in Corporate Encryption – now Congress feels that strong non-backdoor encryption is important, but the Feds should be able to crack it; National Privacy Laws Weaken (Again) […]
December 15, 2016

Impact vs. risk: information security measurement for agile organizations

Successful information security organizations are often invisible; security is a pervasive but not onerous part of the company culture, process, and technology. Data, people and other important assets are protected, but still dynamic. Does this sound like your company? Probably not… unfortunately, this agile organizational mecca is rare. Too many information security organizations have a philosophy of “risk elimination”, which leads to the proliferation of granular risk measurement processes and tools that require significant […]
December 15, 2016

Qualitative vs. quantitative: delivering better information security insight

Today’s Chief Information Security Officer (CISO) has a blinding array of metrics available to describe the health of their information security organization. Not surprisingly, as technology executives with a portfolio of the latest tools at their disposal, there’s often a heavy reliance on technical metrics. The challenge with these metrics, as you might expect, is that they speak to technical vulnerabilities – things like mismanagement symptoms, malicious activities, or incident reports. Dashboards routinely show things […]