Every Business Should Join a Peer Group for Cybersecurity

Earlier this year I shared my thoughts with you about the new program for small and mid-sized enterprises from the cybersecurity association (the ISSA.org) making cybersecurity expertise available to everyone.

Now, I’d like to invite you to join an online Cybersecurity Community of Excellence.

Unlike the ISACs, which focus on sharing vulnerability data with members and require their members to have technical security professionals on staff, the ComEx groups actively improve each process related to the rest of the NIST Cybersecurity Framework, SANS Top 20, ISO and FFIEC requirements. In short, every business, even those without mature security programs and geeky cybersecurity experts, can now benefit from peer groups.

These online peer group training programs help you and your team to build an effective and even award-winning information security program steadily at very low cost, in place of expensive consultants and disruptive conferences & training events.

  • Comply with federal regulations and industry standards

    The cybersecurity collaboration portal for you and your peers


  • Benchmark cybersecurity with your peers
  • Show measurable improvement quickly
  • Ease compliance audits
  • Qualify for an ISSA Cybersecurity Quality Award

It is inexpensive and easy to join a Cybersecurity Community of Excellence. All companies in the peer group improve cybersecurity together, learn from one another, and never lose what they’ve learned because it is all preserved in a continually growing and improving knowledge-base.

Cybersecurity excellence is within reach of every company.

Download the Member Guide to see how easily regional banks, hospitals, law firms, and every other type of business of any size may join.

Join a Cybersecurity Community of Excellence today and let’s improve cybersecurity together!

Categories: Uncategorized

Steve Hunt’s Free eBook for Security Managers


When I asked many of you, my peers in IT, if it would be helpful to have a playbook for security management like those used by the best quarterbacks or midfielders or point guards (pick your sport!), many of you said yes right away, but then asked what it would look like.

“You mean like the SANS Top 20?” one might ask.

“You mean like OWASP?” another would say.

As downright useful as both of those sets of recommendations are, that’s not what I meant. I’m thinking more along the lines of a guide for security executives, security directors. A management guide.

“Oh, you mean like Peter Drucker’s The Practice of Management, or Steven Covey’s 7 Habits of Highly Effective People.”

That’s warmer. Both of those books help to build necessary management skills. It was then that I realized that there really isn’t a business handbook for security managers.

Therefore, I’ve started to put one together based on my interdisciplinary security management course that I’ve taught for some years at DePaul University. I call it The Security Manager’s Playbook: A Leader’s Guide to Optimizing Cyber Security for any Business.

Click here to download an abridged version for Free.


“Yes, Commissioner. We’ll get right on it.”


Recently I was asked to describe the services of Hunt Business Intelligence. I said, “It’s like picking up the bat phone and getting expert help for any security question or challenge.”

That’s a good image, and one our customers still use to describe us to their peers. However, a more formal way of describing it is like this:

Since 2005, Hunt Business Intelligence has been helping leaders to optimize security.  We serve the entire ecosystem of security—end users, vendors, and investors.

  • Enterprise Leaders, such as CIOs, COOs and heads of security (CISO, CSO) at large and mid-sized enterprises
  • Product Managers
  • Venture Investors

In short, you have Steve Hunt and his team of seasoned security experts available for you to address any challenge by phone or email or in person.

  • Need outside experts to assess your security program and provide you with a formal analysis? Our Security Success Score™ measures your company’s Security Maturity.
  • Got a big meeting or product release coming up? Let Steve Hunt and his Hunt Business Intelligence team ensure that you are fully prepared.
  • Wrestling with a tedious security problem? We have practical, actionable advice.
  • Dealing with office politics? Our advisers have seen it all before and will help you shine as a leader.
  • Want a one-day workshop to accelerate your security program? Our consultants are dynamic facilitators and will leave your entire team feeling enriched and empowered.

Advisory phone and email packages begin at just $1995. Visit our website or simply drop us a note at info@huntbi.com in order to get started.

Join this list of satisfied customers. Contact us today and get a Free eBook, The Security Manager’s Playbook: A Leader’s Guide to Optimizing Cyber Security for any Business.



Six Sad Security Management Flaws You Can Fix Today

Are you one of the lucky few NOT suffering from these six costly management problems?

To learn my Four Steps to Security Maturity, and to find out your organization’s Security Success Score™ click here.

During seventeen years at Hunt Business Intelligence and Forrester Research I’ve had the privilege of researching trends and best practices across the security industry. In-depth interviews with over 450 CIOs and security leaders show that the greatest weaknesses in security programs are not technological, nor are they skill- or personnel-related. The greatest shortcomings, affecting more than 9 out of 10 security programs, have to do simply with management, or what I like to call Security Maturity.

Here is where the success of security leaders consistently breaks down:

Read More


Free Tool for Improving Cyber Maturity


This week, the ISSA (ISSA.org) announced a free online tool available to all cyber security professionals. It is being offered as part of its partnership with the Alliance for Performance Excellence, which promotes Baldrige-based quality and performance frameworks. You may know Baldrige as the framework behind TQM, Six Sigma and other improvement systems.

I think this is a powerful tool and a great opportunity for all of us in technology and business to start building quality into our security programs, and to resist the temptation to be in a perpetual state of fire-fighting.

Andrea Hoy, President of ISSA, characterized the partnership this way in the ISSA press release.

The Alliance for Performance Excellence will help our members with principles and tools that can be used to build and test more resilient mature security operations. For over 30 years, Baldrige has been well recognized as the standard to reach in business for performance excellence, and I am honored that the Alliance for Performance Excellence has selected us as a partner.

The Alliance for Performance Excellence is supporting ISSA members–and the entire industry–by providing a free Baldrige-based self-assessment tool through its partner, ManageHub. This self-assessment, named the Security Success Score™, allows anyone to assess the performance of security operations in light of NIST-based and Baldrige-based frameworks. The Security Success Score™ is suitable for any sized organization, with special emphasis on small and mid-sized organizations.

Click here to take the Free self-assessment

Read the full Press Release here


The NIST CyberSecurity Framework has Never Been So Easy to Follow



Are you finally ready to improve the maturity of your organization’s CyberSecurity program but not sure where to start? The NIST CyberSecurity Framework is an excellent path to success, but it will seem daunting at first.

My customers and my fellow ISSA members with the most mature security operations follow the NIST framework, and many more are jumping on board every day.

After all, CyberSecurity only succeeds when combined with CyberMaturity. What’s CyberMaturity? It refers to running security like a well-run business. Applying business best-practices yields true resilience and cost effectiveness in a security program. Unfortunately, measuring actual progress with a standardized maturity scoring has been impossible.

Until now.

Now, the folks behind NIST’s world famous performance excellence program have partnered with the ISSA and ManageHub to provide a free assessment of your organization’s CyberMaturity.  Get your completely free and anonymous Security Success Score here.

When you are ready to accelerate your progress, then use this new service: CyberMaturity-as-a-Service.

Simply sign up, then log in to the online workspaces of ManageHubSecurity.com. Begin following the preloaded processes of the NIST Cybersecurity Framework and watch your security operations begin measurably improving right away.

You’ll be assigned a personal online coach for a small monthly fee who will periodically check your work and give you guidance along the way.

Now, small and mid-sized organizations can have the same (or better) maturity as the large, rich enterprises. It’s easy, and you do not need expensive consultants or technology.

Start today! Send me a LinkedIn note to learn more, or visit http://www.managehubsecurity.com


An Unbreakable Internet of Things

November 18, 2015

I don’t read every press release that comes down the wire. But when I see one from a cyber security company called Secret Double Octopus–no lie–I take notice.

“Secret Double Octopus. This has gotta be good,” I thought to myself.

The real thrust of the press release is this. Encryption is strong, but the infrastructure supporting it isn’t. Therefore secrets get leaked. However, by “shredding” the data and sending it through different routes, any network traffic that is intercepted is unusable.

That’s good, but there is more. There is another sexy idea in the announcement by Secret Double Octopus, and that is a world without keys. Keys are the cryptographic shorthand for the authentication technologies that lock and unlock secure communications across a network. Keys are the weakest link in the otherwise bulletproof encryption architectures we use today. So if we can eliminate keys and key infrastructure, we take away the biggest source of risk.

Secret Double Octopus claims to do just that using mathematical theory already several decades old and well-respected in the academic and cryptographic communities. In layman’s terms, this “new” technique is called “secret sharing.” The core of the solution is to starve the attacker of sufficient information for any meaningful computation. In geek speak, “you cannot solve an equation of two variables.”

Bottom line: even after capturing some or all of the data transmission, the attacker lacks the ability to solve for the variables.

Securing our most sensitive data, and eliminating troublesome keys is the mission of Secret Double Octopus.

The impact could be huge. Today banks know that their PKI (public key infrastructure) is not secure enough for their most sensitive transmissions. And the demands of the Internet of Things have already strained PKI to the breaking point. Secret Double Octopus (I love saying that!) comes to the rescue, potentially enabling billions of secure, keyless transactions between cars, trains, factory machines and toasters to the cloud and to private networks.

The coming months will be fun to watch as this new startup out of Israel demonstrates its capabilities and attempts to disrupt the security and networking worlds.