Book, Cyber Risk and Risk - Cyber Security Informer

Fire Doesn't Innovate by Kip Boyle (Book Review)

Adam Shostack

JANUARY 2, 2025

An unexpected book review. I hate reviewing books by people I know, because I am a picky reader, and if you can't say anything nice, don't say anything at all. I also tend to hate management books, because they often substitute jargon for crisp thinking. It is not a book for the CSO. Fire" doesn't do that.

CSO

CSO Cyber Risk Backups Risk

How to Use Your Asset Management Software to Reduce Cyber Risks

CyberSecurity Insiders

APRIL 29, 2022

Here is a rundown of the benefits of an asset management software in cutting down cyber-related threats. Identify assets and their associated risks. Admins can reduce security risks associated with unidentified, forgotten, or malfunctioning IT assets when IT possessions are tracked. Handle the threats’ possible risks. .

Cyber Risk

Cyber Risk Software Risk IoT

“Fire Doesn’t Innovate” by Kip Boyle (Book Review)

Adam Shostack

FEBRUARY 4, 2019

I hate reviewing books by people I know, because I am a picky reader, and if you can’t say anything nice, don’t say anything at all. I also tend to hate management books, because they often substitute jargon for crisp thinking. It is not a book for the CSO. The book is organized into two major parts.

CSO

CSO Cyber Risk Backups Risk

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

7 Insights About Managing Cyber Risk You Can’t Afford To Miss

Jane Frankland

AUGUST 18, 2020

trillion in global value will be at risk from cyberattacks. Often, I see a tendency to deal with risk management as a compliance issue that can be solved by creating lots of rules and ensuring employees follow them. Both share the same goal – to reduce risk – and both design, establish and enforce controls to protect an organisation.

Cyber Risk

Cyber Risk Risk Cybersecurity Technology

International Association of Chiefs of Police (IACP) Appoints CyberSecurity Expert Witness Joseph Steinberg To Computer Crime & Digital Evidence Committee

Joseph Steinberg

DECEMBER 11, 2023

He has led organizations within the cybersecurity industry for over 25 years, and has written books ranging from the best-selling Cybersecurity for Dummies to the official study guide from which many CISOs study for certification exams in advanced information security management. patent filings.

Cybersecurity

Cybersecurity Artificial Intelligence CISO Information Security

Cybersecurity Governance: The Road Ahead in an Era of Constant Evolution

SecureWorld News

FEBRUARY 17, 2025

We have moved beyond traditional compliance-driven security models to risk-based approaches, integrating cybersecurity into enterprise risk management (ERM) frameworks. This led to a reactive approach where organizations were more focused on regulatory adherence than on actual security risk management.

Government

Government Cybersecurity Risk CISO

Securing Success: The Crucial Role of a Cybersecurity Specialist in a Growing Business

Joseph Steinberg

JANUARY 18, 2024

While technological advances have, in some ways, allowed humans to enjoy an unprecedented quality of life, they also create significant risks. When it comes to cybersecurity the same is true – you need a cyber security if you want to competently address cyber risk.

Cybersecurity

Cybersecurity Computers and Electronics Cyber Risk Risk

Episode 241: If Its Smart, Its Vulnerable a Conversation with Mikko Hyppönen

The Security Ledger

AUGUST 18, 2022

We speak with Mikko Hyppönen on the sidelines of the DEF CON Conference in Las Vegas to talk about his new book, “If its Smart it Vulnerable.". We speak with Mikko Hyppönen on the sidelines of the DEF CON Conference in Las Vegas to talk about his new book, “If its Smart it Vulnerable." Click the icon below to listen.

Cyber Risk

Cyber Risk Risk Data privacy Internet

AUTHOR Q&A: China’s spy balloons reflect a cyber warfare strategy America must counter

The Last Watchdog

FEBRUARY 21, 2023

Related: Preparing for ‘quantum’ hacks That being so, a new book, Fixing American Cybersecurity , could be a long overdue stake in the ground. Part one of the book catalogues how cyber criminals and US adversaries have taken full advantage of systemic flaws in how we’ve come to defend business and government networks.

Marketing

Marketing Cyber Risk Cybersecurity Internet

4 Critical Capabilities Your Cyber Risk Management Tools Should Have

Centraleyes

JANUARY 7, 2024

There’s no avoiding digital risk. However, that doesn’t mean there aren’t plenty of ways to minimize these risks. It’s important your cybersecurity teams have a cyber risk management program in place for this purpose. Efficient risk and vulnerability assessment is another area where automation shines.

Cyber Risk

Cyber Risk Risk Penetration Testing Cybersecurity

Women in Cybersecurity & IWD: Why I’m Done!

Jane Frankland

MARCH 8, 2025

And yet, while organisations cut DEI funding, the right-wing populist wave brings heightened risks, like the frightening rise of antisemitism, extremism, and violence against women. Most decision-makers focus solely on mitigating relentless cyber risks, seeing gender inclusion as secondary or irrelevant to “urgent” challenges.

Cybersecurity

Cybersecurity Penetration Testing Accountability Cyber Risk

Third Party Cyber Risk is growing. Most Companies aren’t prepared.

The Security Ledger

SEPTEMBER 10, 2019

Third party cyber risk is a growing concern for organizations, as breaches and hacks tied to third party providers and applications multiply. How do you know if your third party cyber risk management program is up to the task? Our new e-book, sponsored by CyberGRX, will help you figure it out!

Cyber Risk

Cyber Risk Risk Firmware Data breaches

COVID-19 Vaccination Management Problems Have Created a Privacy Nightmare For Americans – Even Without Vaccine Passports

Joseph Steinberg

APRIL 20, 2021

In some cases, Voice-over-IP numbers are not acceptable as cellphone numbers either – meaning that registrants must increase their cyber-risk by providing their actual cellphone numbers to a party that has offered no information about how that data will be protected. Provide as little information as possible to vaccinators.

Healthcare

Healthcare Insurance Computers and Electronics Data collection

Australia entities suffer Cyber Attacks and QUAD update

CyberSecurity Insiders

FEBRUARY 3, 2023

Crypto Locker Virus is suspected to be behind the incident and almost all booking systems were hit by a ransom demanding malware. Therefore, the collaboration is said to use artificial intelligence to better detect network intrusions in an automated way that will improve cyber risk management of critical infra such as power utilities.

Cyber Attacks

Cyber Attacks Artificial Intelligence Identity Theft Cyber Risk

How security pros, the insurance industry, and regulators can combat ransomware

SC Magazine

APRIL 19, 2021

Insurance claims from cyber/ransomware events have consumed up to 40% of the claims of some insurers’ cyber books. Cyber insurance was once seen as a stable sector of commercial insurance, with lower-than-average loss ratios compared to other major commercial coverages.

Insurance

Insurance Cyber Insurance Ransomware InfoSec

ICFR Best Practices: How to Design and Maintain Strong Financial Controls

Centraleyes

APRIL 17, 2025

For example, requiring managerial approval for large transactions or implementing strict system access restrictions ensures that risks are mitigated at the outset. If controls are applied haphazardly, poorly monitored, or lack standardization, financial reporting risks still persist. Where Does COSO Fit In?

Risk

Risk Technology Accountability Cybersecurity

CISA’ Cybersecurity Performance Goals update: Key changes and additions your team should know

Security Boulevard

APRIL 5, 2023

After only five months on the books, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) is revamping its Cybersecurity Performance Goals, a set of recommendations designed to help identify and prioritize measures to address the most common and serious cyber risks faced by organizations today.

Cybersecurity

Cybersecurity Cyber Risk Risk Software

Why is Chinese threat actor APT 41 in a tearing hurry?

Security Boulevard

SEPTEMBER 30, 2024

These legislations mandate cyber risk and gap assessment, deployment of OT Security Operations Center (SOC), better reporting and asset visibility and enhanced monitoring of OT/ICS networks. Learn more about an IEC 62443-base cyber threat and risk assessment for your infrastructure. Penalties are in order as well.

Cyber Risk

Cyber Risk Surveillance Risk Cyber threats

NIST Framework Version 2.0 a Smart Evolution from 1.1

SecureWorld News

AUGUST 14, 2023

Shortly after it was originally published in 2014, I started using the CSF with our customers to help them find and mitigate their top five cyber risks. And, at my company, Cyber Risk Opportunities, we have used CSF v1 and v1.1 In other words, cyber has become a material business risk and it deserves top-down attention.

Cyber Risk

Cyber Risk Risk Cybersecurity Government

Cybersecurity Is Not A One-Stop-Shop

Security Boulevard

MAY 6, 2021

But, the issues around cybersecurity are here to stay, and the gas pedal must not be eased – especially with the increased risks associated with continued remote working. The Risk Grows Despite lockdown restrictions easing, cybersecurity risks remain and are likely to grow as COVID-19 changes the working landscape.

Cybersecurity

Cybersecurity DNS Education Security Awareness

Securing Success: The Crucial Role of a Cybersecurity Specialist in a Growing Business

Joseph Steinberg

JANUARY 19, 2024

While technological advances have, in some ways, allowed humans to enjoy an unprecedented quality of life, they also create significant risks. When it comes to cybersecurity the same is true – you need a cyber security if you want to competently address cyber risk.

Cybersecurity

Cybersecurity Computers and Electronics Cyber Risk Risk

NIS2 Framework: Your Key To Achieving Cybersecurity Excellence

Centraleyes

JANUARY 21, 2024

Risk Assessment: Perform a comprehensive risk assessment related to network and information systems. Supply Chain Security: Assess the security of your supply chain and establish third-party risk management procedures. Notable additions include: Policies on risk analysis and information system security.

Cybersecurity

Cybersecurity Energy and Utilities Cyber threats Risk

Top Benefits of Effective 3rd Party Vendor Risk Management

Centraleyes

JANUARY 14, 2024

However, every partnership you make introduces a degree of risk that must be accounted for. Examples include: Privacy concerns Digital security Business continuity Regulatory compliance Physical security Risk is a hot topic in the business sector. We’ll discuss the details of vendor risk and the ways we can address it.

Risk

Risk Cybersecurity Government Insurance

Protecting your Customers and Brand in 2022: Are you doing enough?

Jane Frankland

APRIL 28, 2022

It’s a roller coaster of a time to lead, as CIOs, CISOs and CTOs are having to deal with more users, data, devices, technologies, connectivity, mobility, regulations, risks, and threats than they care to. Cyber risks top worldwide business concerns in 2022. The digital skills gap comes at a cost. Women can enable this.

CISO

CISO Mobile Technology Risk

The Evolving Legislative and Compliance Landscape: A Roadmap for Business Leaders

Thales Cloud Protection & Licensing

APRIL 29, 2024

Entities designated as "essential" or "important" by member states in all sectors of the economy and public services must implement robust security measures, including proactive risk management, incident reporting, and supply chain security. The DSA introduces tiered obligations based on platform size and reach. PCI DSS 4.0

Risk

Risk Manufacturing Digital transformation Cyber threats

The Evolving Legislative and Compliance Landscape: A Roadmap for Business Leaders

Security Boulevard

APRIL 29, 2024

Entities designated as "essential" or "important" by member states in all sectors of the economy and public services must implement robust security measures, including proactive risk management, incident reporting, and supply chain security. The DSA introduces tiered obligations based on platform size and reach. PCI DSS 4.0

Risk

Risk Manufacturing Digital transformation Cyber threats

3 Truths about the State of CRQ

Security Boulevard

AUGUST 30, 2022

On my flight to Las Vegas, I read the book “Connecting the Dots.” Blackhat is great each year, but this year was a special one because I got to meet and chat with many security leaders in person after a long time. The post 3 Truths about the State of CRQ appeared first on Security Boulevard.

Cyber Risk

Cyber Risk Risk Cybersecurity

Episode 209: Fortinet’s Renee Tarun on Scaling InfoSec To Meet Tomorrow’s Challenges

The Security Ledger

APRIL 2, 2021

. » Related Stories Episode 207: Sara Tatsis of Blackberry on finding and Keeping Women in Cyber Encore Edition: Veracode CEO Sam King on Infosec’s Leaky Talent Pipeline Episode 205 – Google’s Camille Stewart: InfoSec’s Lack of Diversity is a Cyber Risk.

InfoSec

InfoSec CISO Information Security Cyber Risk

10 Best Attack Surface Management Tools

Security Boulevard

SEPTEMBER 18, 2024

Attack surface management refers to the continuous process of asset discovery, assessment, and risk mitigation associated with an organization’s network. Remediation The remediation process focuses on implementing measures to strengthen an organization’s security posture by addressing vulnerabilities and minimizing risk exposure.

Risk

Risk Software Internet Internet

Spotlight Podcast: Synopsys’ Dan Lyon on the Challenge of Securing Connected Medical Devices

The Security Ledger

AUGUST 17, 2018

Dan and I discuss some of the flaws in the approach that medical device makers take to security, and how manufacturers can take a page out of their own book: applying the same standards to cyber security as they do to – say- device safety. . “Manufacturers need to take a step back,” he said.

Manufacturing

Manufacturing Cyber Risk Internet Internet

Tom McArdle Joins At-Bay as National Broker Executive

CyberSecurity Insiders

NOVEMBER 3, 2021

He previously served as Senior Vice President at AXIS, contributing to building out the management liability and professional liability book of business. I’m thrilled to join the incredibly talented team at At-Bay, and look forward to helping grow relationships with our wholesale partners,” said McArdle.

Insurance

Insurance Marketing Cyber Risk Technology

The Challenges in Building Digital Trust

SecureWorld News

DECEMBER 11, 2023

According to Cliff Stoll, author of the book The Cuckoo's Egg , the community was small, and the level of trust was very high. I consider digital trust, just like cyber risk management, to be a team sport. What are the origins of the need for a trust framework?

Technology

Technology Artificial Intelligence Cybercrime Government

Why are “Secure” Companies Still Being Hacked?

Security Boulevard

MAY 17, 2023

DEMETRIUS MALBROUGH: Yeah, it seems like everyone is focusing and really getting laser focused and honed in on security and dealing with cyber risks and cybersecurity overall. But actually, the biggest change is actually how risk was assessed in cybersecurity. So how risk is assessed changed. So it's growing.

Hacking

Hacking Insurance Small Business Cybersecurity

Black-box vs. Grey-box vs. White-box: Which Penetration Test Is Right for You?

Zigrin Security

AUGUST 9, 2023

Compared to black-box testing where penetration testers go in blind, grey-box penetration tests are likely to uncover more critical risks and provide more comprehensive remediation reports. The transparency of a white-box test builds trust in the client-tester relationship and a shared understanding of your unique risks and priorities.

Penetration Testing

Penetration Testing Cyber Attacks Architecture Risk

SHARED INTEL: New book on cyber warfare foreshadows attacks on elections, remote workers

The Last Watchdog

APRIL 27, 2020

It’s difficult to convey the scope and scale of cyber attacks that take place on a daily basis, much less connect the dots between them. Related: The Golden Age of cyber spying A new book by Dr. Chase Cunningham — Cyber Warfare – Truth, Tactics, and Strategies — accomplishes this in a compelling, accessible way.

Passwords

Passwords VPN Digital transformation Cyber Attacks

Author Q&A: Former privacy officer urges leaders to prioritize security as part of cloud migration

The Last Watchdog

MAY 30, 2023

Collectively, enterprises spend a king’s ransom many times over on cyber defense. Yet all too many companies and individual employees till lack a full appreciation of the significant risks they, and their organizations, face online. And as a result, many still do not practice essential cyber hygiene.

Cloud Migration

Cloud Migration Passwords Cybersecurity Cyber threats

The Aviation and Aerospace Sectors Face Skyrocketing Cyber Threats

Security Affairs

MARCH 18, 2024

Resecurity reported about the increasing wave of cyber incidents targeting the aerospace and aviation sectors. The experts emphasized the importance of rigorous cybersecurity risk assessments for airports and proactive threat intelligence in the context of the activity of major ransomware groups and advanced threat actors.

Cyber threats

Cyber threats Risk Cyber Risk IoT

Security Roundup March 2024

BH Consulting

MARCH 21, 2024

Creeping cyber risk grabbing global headlines Ransomware keeps reminding us of the strong connection between a cybersecurity incident and financial loss. Scale is a factor: larger organisations seem better equipped than SMEs to react to risks. MORE Mark Hillick’s book (DRM-free) on the various paths into security.

Cyber threats

Cyber threats Ransomware Healthcare Risk

Key Cybersecurity Trends for 2024: My Predictions

Jane Frankland

DECEMBER 7, 2023

Critical infrastructure, such as energy grids and transportation systems, will be targeted, posing risks to national security and economic stability. Geopolitical tensions also foster information warfare and cyber espionage, compromising the security of governments, businesses, and individuals. The first is by rule making.

Cybersecurity

Cybersecurity Cyber threats Insurance Artificial Intelligence

Army Cyber Defense Review: 'The Only Constant Is Change'

SecureWorld News

NOVEMBER 17, 2022

Gerstein, a 1980 West Point graduate, who served as the Department of Homeland Security Undersecretary (acting) and Deputy Undersecretary in the Science and Technology Directorate from 2011-2014, in his "Better Anticipating and Managing Today's Growing Cyber Risks" article.

Cyber Risk

Cyber Risk Information Security Technology Accountability

The Hacker Mind Podcast: The Right To Repair

ForAllSecure

FEBRUARY 10, 2021

For example, at the time was writing by book on IoT Security, When Gadgets Betray Us, Paul was off creating The Security Ledger, a news site dedicated to IoT security, a site where he remains Editor in Chief today, runs a Boston-area security of things meetup, and maintains his own great infosec podcast called the Security Ledger podcast.

InfoSec

InfoSec Manufacturing Technology Software

The Hacker Mind Podcast: The Right To Repair

ForAllSecure

FEBRUARY 10, 2021

For example, at the time was writing by book on IoT Security, When Gadgets Betray Us, Paul was off creating The Security Ledger, a news site dedicated to IoT security, a site where he remains Editor in Chief today, runs a Boston-area security of things meetup, and maintains his own great infosec podcast called the Security Ledger podcast.

InfoSec

InfoSec Manufacturing Technology Software

Fire Doesn't Innovate by Kip Boyle (Book Review)

How to Use Your Asset Management Software to Reduce Cyber Risks

Webinars

Trending Sources

“Fire Doesn’t Innovate” by Kip Boyle (Book Review)

Webinars

7 Insights About Managing Cyber Risk You Can’t Afford To Miss

International Association of Chiefs of Police (IACP) Appoints CyberSecurity Expert Witness Joseph Steinberg To Computer Crime & Digital Evidence Committee

Cybersecurity Governance: The Road Ahead in an Era of Constant Evolution

Securing Success: The Crucial Role of a Cybersecurity Specialist in a Growing Business

Episode 241: If Its Smart, Its Vulnerable a Conversation with Mikko Hyppönen

AUTHOR Q&A: China’s spy balloons reflect a cyber warfare strategy America must counter

4 Critical Capabilities Your Cyber Risk Management Tools Should Have

Women in Cybersecurity & IWD: Why I’m Done!

Third Party Cyber Risk is growing. Most Companies aren’t prepared.

COVID-19 Vaccination Management Problems Have Created a Privacy Nightmare For Americans – Even Without Vaccine Passports

Australia entities suffer Cyber Attacks and QUAD update

How security pros, the insurance industry, and regulators can combat ransomware

ICFR Best Practices: How to Design and Maintain Strong Financial Controls

CISA’ Cybersecurity Performance Goals update: Key changes and additions your team should know

Why is Chinese threat actor APT 41 in a tearing hurry?

NIST Framework Version 2.0 a Smart Evolution from 1.1

Cybersecurity Is Not A One-Stop-Shop

Securing Success: The Crucial Role of a Cybersecurity Specialist in a Growing Business

NIS2 Framework: Your Key To Achieving Cybersecurity Excellence

Top Benefits of Effective 3rd Party Vendor Risk Management

Protecting your Customers and Brand in 2022: Are you doing enough?

The Evolving Legislative and Compliance Landscape: A Roadmap for Business Leaders

The Evolving Legislative and Compliance Landscape: A Roadmap for Business Leaders

3 Truths about the State of CRQ

Episode 209: Fortinet’s Renee Tarun on Scaling InfoSec To Meet Tomorrow’s Challenges

10 Best Attack Surface Management Tools

Spotlight Podcast: Synopsys’ Dan Lyon on the Challenge of Securing Connected Medical Devices

Tom McArdle Joins At-Bay as National Broker Executive

The Challenges in Building Digital Trust

Why are “Secure” Companies Still Being Hacked?

Black-box vs. Grey-box vs. White-box: Which Penetration Test Is Right for You?

SHARED INTEL: New book on cyber warfare foreshadows attacks on elections, remote workers

Author Q&A: Former privacy officer urges leaders to prioritize security as part of cloud migration

The Aviation and Aerospace Sectors Face Skyrocketing Cyber Threats

Security Roundup March 2024

Key Cybersecurity Trends for 2024: My Predictions

Army Cyber Defense Review: 'The Only Constant Is Change'

The Hacker Mind Podcast: The Right To Repair

The Hacker Mind Podcast: The Right To Repair

Stay Connected