HRM Draft: Chapter 5: Building Effective Defenses

So you have identified the likely attackers, the threats that their attacks pose, and how at a high level they will carry out these attacks. Now what? The traditional (and wrong) answer is to cover all your bases by adopting the most comprehensive set of controls possible. Whether it is NIST CSF, NIST 800-53, ISO …

HRM Draft: Chapter 3 – Recognize the Threats

All too often, when discussing what could happen should a company suffer a cyber attack, security leaders will fall back into techno-babble and discuss the technical details of the potential incident. This is frustrating for business leaders who do not have a technical background, and this damages executive support for the security function. If the …

HRM Draft: Chapter 2 – Know Yourself

You cannot develop an effective information security program without understanding what it is you are protecting, or why attackers would want to obtain or harm it. Understanding your vital assets, in the context of information security, is the focus of this chapter. To start, you need to understand what matters most to your company’s leaders. …