Category Archives: CSO/CISO Perspectives

Y2K … Two Decades Later

– Why didn’t I use the title “Y2K at Twenty” for this column to match “The FS-ISAC at Twenty” that was posted on BlogInfoSec on January 6, 2020? Good question … easy answer. Because The New York Times commandeered “Y2K @ 20” for their online presentations. I will get to one of…

The FS-ISAC at Twenty

– The FS-ISAC (Financial Services Information Sharing and Analysis Center) was launched in October 1999 by Treasury Secretary Lawrence Summers. It was the first such entity. Many subsequent ISACs have used the FS-ISAC as their model. The idea for ISACs was part of the 1998 PDD (Presidential Decision…

Another Fifth … Quantum Dawn Cybersecurity Exercise

– Following my BlogInfoSec column “Taking the Fifth …” posted on October 29, 2019, I came across other “fives,” the most relevant of which was about Quantum Dawn V, which took place on November 7, 2019. This is the fifth in a…

Are Cybersecurity Intelligence and Security Metrics Statistically Significant?

– It is customary to begin an article on cybersecurity with some statement about the exponential growth of threats, attacks, vulnerabilities, etc. I’m no different. It seems like a reasonable, generally accepted thing to do. So, I was somewhat surprised when someone pushed back on such a statement…

Are Ransom Payments Supporting Terrorists?

– Organizations, particularly those that recognize that they don’t have essential security and data recovery measures in place, have taken out cyber insurance, which they are regularly using to pay off ransomware attackers. I find it curious that these insurance companies seem to be willing to pay…