A Review of the Best News of the Week on Cybersecurity Management & Strategy

Motherboard Digital Security Guide (Schneier on Security, Nov 16 2017)
This digital security guide by Motherboard is very good. I put it alongside EFF’s “Surveillance Self-Defense” and John Scott-Railton’s “Digital Security Low Hanging Fruit.” There’s also “Digital Security and Privacy for Human Rights Defenders.”

On Wild Security Maturity Overestimation (Gartner Blog Network, Nov 13 2017)
“Want to know what my absolute #1 insight that I learned working at Gartner for 6+ years is? No jokes, this is serious!…a huge number of organizations that are way, way, way worse in information security compared to your wildest, most pessimistic view of the world.”

Just How Much Does Your CISO Mitigate Cybersecurity Risk? Perhaps Less Than You Think (RSA Conference, Nov 14 2017)
“You don’t buy brakes to stop. You buy brakes to go fast.” By introducing cybersecurity measures, the organization could feel more comfortable taking on new initiatives that would grow revenue and reduce costs, such as electronic banking, cloud computing, and just-in-time supply chains.

Best practice: Security operations automation before orchestration (CSO Online, Oct 24 2017)
Start by automating simple security operations tasks and then proceed with re-engineering and orchestrating processes.

Trump administration pulls back curtain on secretive cybersecurity process (Washington Post, Nov 16 2017)
The rules guide government decisions over whether and when to disclose software flaws that can be turned into cyberweapons.

Death of the Tier 1 SOC Analyst (Dark Reading, Nov 16 2017)
Say goodbye to the entry-level security operations center (SOC) analyst as we know it.

R.I.P. root9B? We Hardly Knew Ya! (Krebs on Security, Nov 15 2017)
root9B Holdings, a company that many in the security industry consider little more than a big-name startup aimed at cashing in on the stock market’s insatiable appetite for cybersecurity firms, surprised no one this week when it announced it was ceasing operations at the end of the year.

Is all fair in simulated phishing? (CSO Online, Nov 16 2017)
We’ve all heard the saying “all is fair in love and war,” but what about when it comes to simulated phishing?

A rocket scientist hacks the cybersecurity labor crisis (CSO Online, Nov 13 2017)
The CEO of Girl Scouts of the USA may have cracked the code on where to find future cyber fighters.

Hack Cost Equifax Only $87.5 Million — for Now (BleepingComputer, Nov 13 2017)
During an earnings call detailing the Q3 2017 financial results, Equifax execs said the company incurred $87.5 million in expenses related to the massive data breach it suffered earlier in the year and which it publicly disclosed in September 2017.

What is the real cost of a data breach? (Gemalto blog, Nov 16 2017)
According to the 2017 Verizon Data Breach Investigations Report, 61% of victims in this year’s assessment were small to medium-sized businesses with fewer than 1,000 employees.

Mr. Robot eps3.5_kill-process.inc – the security review (Naked Security – Sophos, Nov 16 2017)
We analyse the latest security goings on in the world of Mr. Robot…

HHS cybersecurity initiative paralyzed by ethics, contracting investigation (Politico, Nov 16 2017)
The departures of two executives have unsettled some health care officials who worry about the center’s future.

Research confirms the cybersecurity skills shortage is an existential threat (CSO Online, Nov 14 2017)
ESG research with ISSA shows that organizations don’t have the right levels of cybersecurity personnel, skills and ongoing training to keep up with cyber risk.

Bank consortium founds company to vet third-party vendors (SC Magazine, Nov 16 2017)
Whenever a company announces a data breach, it is very common to hear that an error by a third-party vendor was behind the disaster.

Endpoint Advanced Protection Buyer’s Guide: Key Capabilities for Detection (Securosis Blog, Nov 16 2017)
“As we resume our posting of the Endpoint Detection and Response (D/R) selection criteria, let’s start by focusing specifically on the detection use case.”

How a Student Competition Led to a New Cyber Security Approach (Knowledge@Wharton, Nov 16 2017)
Nataliya Mykhaylova, winner of a student competition to find new ways to thwart cyber criminals, has devised a novel method for detecting attacks.

Optiv Acquires Decision Lab to Expand Big Data Services (Dark Reading, Nov 16 2017)
Deal enhances Optiv’s big data, automation, and orchestration efforts.