A Review of the Best News of the Week on Cybersecurity Management & Strategy

Making an Impact with Security Awareness Training: Structuring the Program (Securosis Blog, Aug 30 2018)
“In our new series, Making an Impact with Security Awareness Training, we will put the changes of the last few years into proper context, and lay out our thoughts on how security awareness training needs to evolve to provide sustainable risk reduction.”

The secret history of ED011, the obscure computer lab that hacked the world (Ars Technica, Aug 27 2018)
One Romanian campus computer lab both pentested the world and eventually helped protect it.

How Cybercriminals Are Using Blockchain to Their Advantage (SecurityWeek, Aug 30 2018)
Blockchain DNS is a decentralized DNS. Blockchain TLDs – including .bit, .bazar and .coin – are not owned by a single central authority. DNS lookup tables are shared over a peer-to-peer network and use a different technology from traditional DNS requests.

Very Good Security makes data ‘unhackable’ with $8.5M from Andreessen (TechCrunch, Aug 28 2018)
A startup that assumes the liability of storing sensitive data for other companies, substituting dummy credit card or Social Security numbers for the real ones. Then, when the data needs to be moved or operated on, VGS injects the original information without clients having to change their code.

In 2018, What Is Security Architecture? (Gartner Blog Network, Aug 30 2018)
How do YOU define security architecture for the modern era of cloud, virtual, mobile, big data, DevOps, “AI”, etc?

A Rant on Single Function Security Tools (Gartner Blog Network, Aug 24 2018)
As a result of this trend, we now have “SOAR for email threats”, “UEBA for web proxy logs”, “DLP for data discovery”, “vulnerability scanner for databases”, “SIEM can only match logs to threat intel” etc. Or, as my former colleague pointed out, a Cambrian explosion of tools.

Why CISOs Should Make Friends With Their CMOs (Dark Reading, Aug 27 2018)
A partnership between IT security and marketing could offer many benefits to each group – and to the entire enterprise.

How Can We Improve the Conversation Among Blue Teams? (Dark Reading, Aug 27 2018)
Dark Reading seeks new ways to bring defenders together to share information and best practices.

Cyber Risk = Business Risk. Time for the Business-Aligned CISO (SecurityWeek, Aug 27 2018)
One way to measure and quantify risk is by using the standard Factor Analysis of Information Risk (FAIR) Model, which assesses information risk in financial terms. It’s an effective method for gathering data about cybersecurity events from company and industry sources, for associating dollar values for different forms of loss, and for running the data through Monte Carlo simulation engines to generate loss exposure values (risk) in financial terms.

Why Security Needs a Software-Defined Perimeter (Dark Reading, Aug 28 2018)
Most security teams today still don’t know whether a user at the end of a remote connection is a hacker, spy, fraudster — or even a dog. An SDP can change that.

ICO Breach Complaints Jump 160% in a Year (Infosecurity Magazine, Aug 28 2018)
GDPR is thought to be a key factor.

Notorious Cybercriminal Released From Prison (SecurityWeek, Aug 28 2018)
Earlier this month, Belarusian authorities released from prison Sergey Yarets, a notorious cybercriminal and co-developer of the Andromeda botnet.

PCI SSC Releases New Security Tools for Small Businesses (Dark Reading, Aug 28 2018)
Tools intended to help small businesses understand their risks and how well those risks are being addressed.

Proposed US law would require President to act against overseas hackers (Naked Security – Sophos, Aug 31 2018)
A US senator has announced a bill that would force the President to punish overseas hackers found targeting the US, or explain why he hadn’t.

FBI launches Protective Voices site to combat malicious foreign influence (SC Magazine, Aug 31 2018)
The FBI is launching a website to help educate the public about ongoing campaigns that spread disinformation with the goal of influencing American society and lowering citizens’ confidence in specific U.S. individuals and institutions.

Polish Parliament Enacts National Cybersecurity System (Dark Reading, Aug 28 2018)
The system classifies security incidents and splits national incident response into three separate teams.