BLOG

Your trusted source for cybersecurity news, insights, and advice.

The Great Translator: The Power of Risk Quantification

One of the biggest obstacles to achieving cybersecurity maturity is a language barrier: security leaders speak tech, risk managers speak insurance, the legal team speaks contracts, CFOs speak ROI, and the C-suite and Boards of Directors speak duty of care and...

How to Avoid the Fake CEO Scam

The US Treasury recently reported that Business Email Compromise (BEC) scams, sometimes referred to as “fake CEO scams,” cost U.S. businesses an average of $300 million each month in 2018. These scams are on the rise; according to Trend Micro, the number of BEC...

A New Litmus Test for Board Directorships

Over the course of my career I’ve had the privilege to serve on numerous Boards of Directors of both public and private organizations. It’s a great honor to have the shareholders and stakeholders of an organization put trust in you, and fellow board members, to watch...

Making Sense of the NIST CSF

“Of course, the whole point of a Doomsday Machine is lost, if you keep it a secret!” (Dr. Strangelove)

The Framework for Improving Critical Infrastructure Cybersecurity (aka the NIST Cybersecurity Framework, aka the NIST CSF) offers security organizations a framework to...

Moody’s: The Cybersecurity Trifecta for Boards of Directors

Intent To Rate Cybersecurity Risk Is The Third Major Board Of Directors Wake-Up Call

The past 36 months have seen two significant developments that should have woken up Boards of Directors to their cybersecurity obligations. First, a spate of high-profile cyber events,...

Outrunning the Bear

A Cybersecurity Assessment Boards Actually Care About

Boards and executives are becoming increasingly involved in cybersecurity planning and strategy discussions. This is a marked improvement over the last decade, much of which is due to media-catching headlines and...

Agenda Item #1 for the Next Board of Directors Meeting

A Duty of Care for Cybersecurity

This past summer we witnessed various blue-chip firms like Maersk, Merck, FedEx and Mondelez, none of whom likely anticipated the reality of a major cyber event, all declare major impacts on operations and in some cases a resulting...

UPDATE – SEC’s New Cybersecurity Risk Guidelines

SEC’s New Cybersecurity Risk Guidelines

As we noted in our recent piece “What do the SEC’s New Cybersecurity Risk Guidelines Mean for You as a Board Member?”, the Commission is increasingly focused on cyber risk as it pertains to disclosure requirements. The 2018...