I saw a few tweets about this article tongue in cheek saying "time to update your threat model" - but how many actually do that? Who is at work this week creating a document that illustrates how a data breach of their external council could lead to their own data loss event? I'd guess it is a very small number of folks. I'm making the cas

Having completed actions one through five, the organization is now in a position to build the risk-based cybersecurity model. The analysis proceeds by matching controls to the vulnerabilities they close, the threats they defeat, and the value-creating processes they protect. The run and change programs can now be optimized according to the current

The truth is that in today’s hyperconnected world, maturity-based cybersecurity programs are no longer adequate for combatting cyberrisks. A more strategic, risk-based approach is imperative for effective and efficient risk management (Exhibit 2).