Senior managers talk about risks, and not about threats or controls. To have better conversations with senior leaders, focus on where the risks are coming from, and why. This post offers a vocabulary for talking about cyber- and technology-related risks and their causes.
Risk
Tag ∙ 8 posts
Posts
Enterprise network perimeters have been disappearing: at first slowly, and then suddenly, all at once and at knifepoint. If this were a game of Clue, I’d accuse the Ransomware Actor, on the Edge Device, with the Zero-Day.
Digital crime is on the rise. To defeat it, defenders need to scale up, gain the full picture of risk, and heed the lessons of John Boyd.
Billions of internet-connected devices are now online and talking amongst themselves. To secure them, vendors need to design them to avoid surprises they didn’t intend.
A few weeks ago I put together my annual Predictions blog post for the coming year. In that post and accompanying webinar, I suggested five emerging risk areas that CISOs need to pay attention to in the coming year.
At security conferences and events, I have noticed that the distribution of operating systems seems to differ somewhat from what I read in the papers. As my last post showed, the Internet Identity Workshop skewed decidedly in the Mac direction.
I thought it would be fun to put together a quick poll asking the members of the securitymetrics.org mailing list what operating systems they used. I sent out a note asking the membership to respond to two simple questions: