Senior managers talk about risks, and not about threats or controls. To have better conversations with senior leaders, focus where the risks are coming from, and why. This post offers a vocabulary for talking about cyber- and technology-related risks and their causes.
Cybersecurity
Tag ∙ 49 posts
Posts
Enterprise network perimeters have been disappearing: at first slowly, and then suddenly, all at once and at knifepoint. If this were a game of Clue, I’d accuse the Ransomware Actor, on the Edge Device, with the Zero-Day.
Microsoft’s new advice for securing Active Directory does customers a disservice by focusing on the wrong things. Tomorrow’s “Zero Trust” and Azure roadmaps won’t stop today’s ransomware epidemic. Enterprises need to protect the Active Directory they’ve already got.
Drift metrics can help measure how well-managed an enterprise’s technology assets are. CISOs can mine data contained in mainstream cloud configuration tools to understand conformance or divergence from expected states.
Digital crime is on the rise. To defeat it, defenders need to scale up, gain the full picture of risk, and heed the lessons of John Boyd.
This third post in a series about security and DevOps describes how to configure web servers with TLS.