Fearless Security
I ran across a web site called Fearless Security themed “Taking the Fear out of Security Decisions.” The site also headlines with Roosevelt’s quote: “The only thing we have to fear is fear itself.”
This is a great message for our time, which has seen the militarization of security and, often, much smaller misallocations of resources at the enterprise level. It’s also a clarion call to making “rational decisions based on operational and business realities leading to fewer resources being applied correctly with greater security returns.”
The eminence behind Fearless Security is none other than Fred Cohen, whom I worked with back at Burton Group. I wrote about the results of our collaboration then in my post on A Systematic, Comprehensive Approach to Security.
Today, Fearless Security provides expert assessment of organizational risk using a framework, methodology and toolset developed by Cohen. While the web site itself is still young, I can assure you from personal experience that the methodologies from Cohen and his team are very mature and the following CISO Toolkit and even broader content on the all.net site showcases that fact. And, on the site you’ll find a number of links to webinars and blog posts. My favorite one today – Write Lock the Past, Access Control the Present, Anticipate the Future exemplifies Cohen’s original, but practical, approach.