Category Archives: Risk Analysis

Truth, Trust and Cybersecurity Risk

– It is a sad reflection on the times, but it is becoming increasingly difficult to distinguish among true and false “facts,” accurate and misleading interpretations, and personal and politically-expedient beliefs. In my November 11, 2019 BlogInfoSec column “Are Cybersecurity Intelligence and…

Cybersecurity Risk Management … Beyond the “Golden Period”

– Where do we stand with the management of cybersecurity risk? Answer … Not in a good place. This position was further augmented upon reading an article in the January 23, 2020 Washington Post by Anna Fifield with the title “Wuhan quarantine expands as Chinese fear authorities withholding…

The Why and Wherefore of Cybersecurity Risk

– There is a song in Gilbert and Sullivan’s “HMS Pinafore” light opera that begins “Never mind the why or wherefore.” Perhaps that has been a problem all along with cybersecurity risk management. We discuss ad nauseam the how, what, when and where of cyberattacks, but seldom do we really…

Lies, Bigger Lies … and Cybersecurity Analytics

– The original phrase “lies, damned lies, and statistics” is attributed to Mark Twain. There have been several books using this phrase in their titles. It always stuck in my mind and has been reinforced over the years with validating experience. There is an article in the October 2018 issue of…

Cybersecurity Metrics. Hurricane Winds and Floodplains

– You may have noticed that I like to draw analogies between cybersecurity and other fields. I happen to think that there is a lot to learn from such comparisons. Hurricane Florence, which brought feet of rainfall and catastrophic flooding to North and South Carolina during September 2018, made…