Rational Cybersecurity New Year Update
Updating the public on cybersecurity trends is not a trivial matter. At least to me, it is a vast potential topic space. Let’s outline it here and communicate further in the New Year.
My World and Rational Cybersecurity
After a… Continue reading
Rational Cybersecurity Webcast: Applying the 80-20 Rule
As I worked on Rational Cybersecurity for Business, I became fascinated with this question: How can we find a way to gain 80% of the benefits for 20% of the work? Considering that cybersecurity has so many moving parts… Continue reading
The Cybersecurity Business Alignment Framework for Architecture
To ensure security architectures are relevant, you can define them using the Cybersecurity Business Alignment Framework provided in the Multi-Cloud Security Reference Architecture (“refarch”), Rational Cybersecurity for Business (“the book”), and a few other tools.
Defending the Digital Election Infrastructure
Someday we’ll conduct elections fully online, but to do that we’ll require a more secure digital election infrastructure. As the U.S. 2020 election process ramps up, technology plays an increasing role. Organizations engaged in the political process must strengthen cybersecurity… Continue reading
Don’t be Doctor NO: New Book Helps Balance Restrictive Cybersecurity with Empowerment and Accountability
Balancing what we’d like to do from the pure security control perspective with the need to align solutions with the business is a recurring theme in my book, Rational Cybersecurity for Business. The actual book is publishing very soon –… Continue reading
Where Should the CISO Report?
When the CISO doesn’t report at the right level of an organization, misalignment between security, IT, the business, and the larger public ecosystems it serves will surely result. Such misalignment often leads to dire consequences, increasing the chance of breaches… Continue reading
How to Define Security for Your Business
Could it be that a simple misunderstanding of what cybersecurity means is creating much of the disconnect between business and security leaders that often makes security programs ineffective? According to one security leader who’s worked as a Chief Information Security… Continue reading
Fifty Keys to Cybersecurity-Business Alignment
My book, Rational Cybersecurity for Business: The Security Leader’s Guide to Business Alignment contains 50 Keys to Alignment that accentuate the guidance. I’m writing about these keys in a “50 keys” blog series. This page conveniently summarizes all the keys… Continue reading
Place Information Risk Accountability at the Right Level
Too often, information risk accountability isn’t at the right level due to poor alignment between security and business leaders. It’s time to transform the way we communicate risk to the business. When the security program struggles with an issue, bring… Continue reading
Rational Cybersecurity Q4 Update
Since my Q3 update on the Rational Cybersecurity book project I’ve reached an important milestone. Take a look…
My goal is to get to a final draft (after rewrites) before the year’s end.
I’m also grateful to have… Continue reading