Cybersecurity is NOT implementing a checklist of requirements; rather it is managing cyber risks to an acceptable level. Managing cybersecurity risk as part of an organization’s governance, risk management, and business continuity frameworks provides the strategic framework for managing cybersecurity risk throughout the enterprise.
Src: https://www.us-cert.gov/sites/default/files/publications/DHS-Cybersecurity-Questions-for-CEOs.pdf
QOTD - DHS on CyberSecurity & Risk
QOTD on InfoSec as a Top Concern for Management
... cyber-security can no longer be an isolated function but requires a focused effort and collaborative conversations among the various functions in an organisation.
--Tal Mozes, leader of Hacktics Advanced Security Centre
QOTD - Ex-NSA Deputy Director on Managing Privileged Users
Snowden was a system administrator, so by design he had more privileges. Does that expose a weakness in the system? In hindsight, Snowden went far beyond where we would have expected him to go. The challenge is how do you extend trust to individuals that you’ve gone to great time and trouble to find, vet, and develop confidence in, and allow them to exercise ingenuity, innovation, and creativity? We need to up our game without crushing the 99.9 percent of people who have operated faithfully. We need to focus on behaviors—on the access to data in real time, instead of on defending perimeters, operating systems, or artifacts. You’re looking for a change in behavior that is an anomaly and warrants close examination.
-- John C. Inglis, former NSA Deputy Director
Src: Ex-NSA Deputy Director Says the Agency Must Be “Biased” Towards Defense, Not Attack | MIT Technology Review
QOTD - Mikko on Government Malware
We had the nuclear arms race for decades, but now we seem to be in a cyber arms race.
The idea of democratic western governments backdooring technology or using malware and trojans against other democratic governments would've sounded like science-fiction, but that is exactly where we are today.
-- Mikko Hypponen, Chief Research Officer for F-Secure
Src: Black Hat: Expert sheds light on government sponsored malware creation - SC Magazine