A Review of the Best News of the Week on Cybersecurity Management & Strategy

Aetna agrees to $17M to settle data breach (SC Magazine, Jan 19 2018)
Aetna will pay a $17.1 million as part of a settlement for a July 2017 data breach that may have compromised the information of thousands of HIV patients.

Bug-Hunting Hackers Earn Top Dollar for Efforts (Infosecurity Magazine, Jan 17 2018)
Bug bounties can be highly lucrative for top hackers; for instance, those based in India earn 16 times the median salary of a software engineer. And on average, top-earning researchers make 2.7 times the median salary of a software engineer in their home country.

The Future of Security Operations: Embracing the Machines (Securosis Blog, Jan 12 2018)
“How can you improve your security posture and make your environment more resilient by orchestrating and automating security controls?”

Sponsored by LogRhythm
SIEM Magic Quadrant
Gartner Positions LogRhythm in SIEM Leaders Quadrant for 5th Consecutive Year. Get the report

Where the CISO Should Sit on the Security Org Chart and Why It Matters (IBM Security Intelligence, Jan 09 2018)
Businesses who position the CISO improperly and fail to provide him or her with adequate support and visibility are sending a signal. If the CISO is buried down in IT, even if reporting directly to the CIO, his or her clout and influence will be greatly diminished. In a not-too-distant future, shareholders may look at such a setup and determine that the organization is inadequately prepared to deal with modern cyber risks.

Mental Models & Security: Thinking Like a Hacker (Dark Reading, Jan 16 2018)
These seven approaches can change the way you tackle problems.

Addressing Innumeracy in Reporting (TaoSecurity, Jan 16 2018)
Richard Bejtlich says, “Please keep in mind these two sorts of innumeracy — the time value of money, and the importance of percentage changes over time — when dealing with numbers and time.”

Security Monitoring Use Cases, the UPDATE! (Gartner Blog Network, Jan 17 2018)
Posting about updated documents is often boring, but this time I’m talking about my favorite Gartner document, as usual, co-authored with Anton: “How to Develop and Maintain Security Monitoring Use Cases”!

Which CISO ‘Tribe’ Do You Belong To? (Dark Reading, Jan 17 2018)
New research categorizes CISOs into four distinct groups based on factors related to workforce, governance, and security controls.

House passes Cyber Diplomacy Act (SC Magazine, Jan 18 2018)
A bipartisan group of Congressmen cheered the passing of the Cyber Diplomacy Act (H.R. 3776) yesterday by the House of Representatives.

Security Breaches Don’t Affect Stock Price (Schneier on Security, Jan 19 2018)
This report assesses the impact disclosure of data breaches has on the total returns and volatility of the affected companies’ stock, with a focus on the results relative to the performance of the firms’ peer industries, as represented through selected indices rather than the market as a whole. Financial performance is considered over a range of dates from 3 days post-breach through 6 months post-breach, in order to provide a longer-term perspective on the impact of the breach announcement.

How to Keep Blue Teams Happy in an Automated Security World (Dark Reading, Jan 18 2018)
The creativity and intuition of your team members must be developed and nurtured.

How to Attract More Women Into Cybersecurity – Now (Dark Reading, Jan 12 2018)
A recent survey finds a number of attributes women seek in their careers can be found in a cybersecurity profession – the dots just need to be connected.

Ex-Uber Engineer Accused of Spying on Tesla, Stealing Trade Secrets (Wired, Jan 16 2018)
In her complaint, Wong alleges that Levandowski was paying a Tesla engineer for updates on its electric truck program, selling microchips abroad, and creating new startups using stolen trade secrets. Her complaint also describes Levandowski reacting to the arrival of the Waymo lawsuit against Uber, strategizing with then-Uber CEO Travis Kalanick, and discussing fleeing to Canada to escape prosecution.

Why Cloudflare Let an Extremist Stronghold Burn (Wired, Jan 16 2018)
The story of how an internet infrastructure company get locked into a free-speech dispute starts in the cubicles of SoMa and the brothels of Istanbul.

Kaspersky filed an injunction challenging DHS ban (SC Magazine, Jan 18 2018)
Kaspersky filed an injunction Wednesday challenging the U.S. government’s ban of the software company’s products.

Industrial Cybersecurity Leader Nozomi Networks Raises $15 Million (Nozomi Networks, Jan 17 2018)
…real-time cybersecurity and operational visibility for industrial control systems (ICS) announced today it has raised $15 million in Series B financing. The Invenergy Future Fund led the round…

Threat Intelligence Tech Firm Anomali Raises $40 Million (SecurityWeek, Jan 17 2018)
Anomali, a security technology firm that offers a SaaS-based threat intelligence platform, today announced that it has raised $40 million in series D funding.

WatchGuard Buys DNS-Filtering Company Percipient Networks (Dark Reading, Jan 17 2018)
Percipient’s ‘Strongarm’ to become part of WatchGuard’s SMB security services.

How digital transformation is reshaping the modern enterprise (Help Net Security, Jan 18 2018)
F5 Networks announced the results of its 2018 State of Application Delivery report, which shows accelerating multi-cloud deployments are enabling organizations to select the cloud platform that best meets the requirements of a specific application. However, this also increases the challenges many companies face in managing operations and security across multiple clouds as they transform their application portfolio to compete in the digital economy.