Threat Smart VI

○ ○ ○Wayne Barrow was correct. “Risk is the nature of true business growth.” Yet Incident Response

& short term profit can't recover lost momentum or market share once business, sensitive and

national security data is in the possession of competitors and hostile adversaries. Adversaries

not known for respect of international norms & law. Or their cooperation with international

cyber crime investigators. Why won't many German, American and Asian organizations do

business in China? Why has Singapore been taking public servants offline? Same reasons

addressed in Risk Management Done Right. CIOs/CSOs/CISOs may fail to prevent CEOs

from taking on unwise risks. They see appreciate digital risk fatigue best. Especially,

the fact that Digital Forensics, Intrusion Analysis & by extension Incident Response,

has limits. Enter Brier & Thorn, who by following me on Twitter got me thinking

about log analysis and Attribution's limits. Briefly addressed in Threat Smart III.

Needed: Accurate understanding of the political, technical; forensic context

of security “events”/an incident. And with little time available & so many

moving parts, only holistic Incident Analysis can address intricate, WHAT

(i.e., data); WHY (motivation); HOW (function); WHO (competitor or

adversary), WHERE (network) or, WHEN (time) issues. That's where

frameworks like Diamond & FORZA, eloquently addressed here by

Alissa come in. Like her, my IR bias, which goes back to the 90s

is more focused on ACTUAL data protection. Knowing and fully

appreciating both location and value of data. Hence, Access

Governance. From Physical to Cloud. And the OPM Breach

warning is that: Beyond Pen Testing, myopic pre-9/11/01

internal InfoSec politics, Set-and-Forget/C-Level profit

first-security-later cultures often learn the expensive,

hard way. Holistic, voracious appetite for all things

Security (not just tech), significantly broaden the

skillset forensic analysts, business, Sys/Security/

Data owners/Admins, architects, auditors and

legal advisers/prosecutors, bring/contribute

to audits, digital forensic and cyber crime

investigations and analysis. Indeed with-

out good understanding of the tangible

& intangible attributes of adversaries

motivations, ticking the Reconnais-

sance/Reliability/Relevancy box,

like PCI DSS tick and pass, may

make you compliant. But that

says nothing about your data

assets. Does it? Like nation

states, the jewels cyber-

criminals want, specific

data — increasingly, is

best Cyber-insured.

Mind your insiders

IT Dept/Security

politics as well

third parties

& business


○  ○  ○(Follow the Dove)



○ ○ ○Go Deep




Views: 132


You need to be a member of Brooklyn Art Project to add comments!

Join Brooklyn Art Project


Latest Activity

Christopher Stewart posted a video

Crazy (Gnarls Barkley) - excerpt - [Fingerstyle Guitar Covers]

excerpt from an approximation of « Crazy » by Gnarls Barkley. recorded in july 2018. ❤ thank you for your support ! ❤ § you're invited to subscribe to the ★ ...
7 minutes ago
THiNKTaNK posted blog posts
3 hours ago
Christopher Stewart posted a video

Close To You (Burt Bacharach / The Carpenters) - excerpt - [Fingerstyle Guitar Covers]

part of an arrangement in progress of « Close To You » by Burt Bacharach / The Carpenters. recorded in july 2018. ❤ thank you for your support ! ❤ § you're i...
THiNKTaNK posted a blog post

© 2020   Created by Brooklyn Art Project.   Powered by

Badges  |  Report an Issue  |  Terms of Service