Shift to Integrated Risk Management and a Risk-Based Lens

With the National Cyber Strategy and the rise of regulations like the CCPA and GDPR, the future for a compliance-based CISO is a patchwork of cross-border regulations that will result in further fractionation of an already siloed cybersecurity organization. Without a common thread or foundation to build a cyber strategy upon and tie all these regulations together, cybersecurity teams will continually be faced with redundant regulations that vary only slightly and have an immense amount of overlap. A compliance-based CISO, though, is bound to an endless list of checkboxes for each new assessment, regardless of its similarity to others.

Ethan Bresnahan
"Secure" Digitization - Is It Possible?

The rapid increase in the number of internet-connected devices and the rise of the Internet of Things come with great anticipation and sometimes fear from those in the security space. Newly connected devices lead to enhanced business processes and increased customer satisfaction in many cases, but also to an increase in cyber risks.

Alison Furneaux
IoT, digitization
NIST Small Business Cybersecurity Act Passed Into Law

U.S. President Donald Trump signed the NIST Small Business Cybersecurity Act, S. 770 (formerly known as the MAIN STREET Cybersecurity Act), into law on Tuesday, August 14, 2018. It requires NIST to "disseminate clear and concise resources to help small business concerns identify, assess, manage, and reduce their cybersecurity risks." This is a massive achievement: many small businesses want to adopt it, but they are having trouble doing so because of the complexity.

An Actionable Definition of Information Risk Management

If you search for “Information Risk Management” on the internet, you’ll probably come up with many different definitions explaining what IRM is, or what the author believes it to be. The truth is you can learn more about IRM by searching for “NIST 800-53,” but many of the definitions you read are ubiquitous, or too theoretical to make actionable. Here’s the definition you need.
