Why Fear, Uncertainty and Doubt (FUD) fails in Digital Security and being BAD prevails

We all know these cybersecurity specialists or security software sales representatives that want people to act in a certain way or buy certain products by saying things like, “if you don’t do (or buy) this, you will be hacked.” Sadly, this way of communicating is still an often-used approach in Information Security to get the message across or motivate people to “buy” their products or service. We call this approach FUD. FUD

Part 2 Podcast Yuri Bobbert on Oh, Behaav

In the second part of the Podcast of Oh, Behaav! Yuri discusses several topics from our book “Leading in Digital Security: 12 Ways to Combat the Silent Enemy”, such as: anti-fragility, the influence of a hack on the stock market value of the company, smart utilization of technology and the exploitation of incidents. He also talks about Zero Trust as a strategy and rethinking what this requires in applying the

Stop Chasing the – CyberSecurity incident – Ambulance

In the Cyber security arena, we see a lot of self-proclaimed security gurus in the media these days making a day-job out of chasing ambulances. For those that don’t know the term, an ambulance chaser is somebody looking for a victim and telling him or her what went wrong and why he/she should do better next time. For example, a lawyer who seeks to encourage and profit from the lawsuits

What the hack happened? A CISO perspective on the Cosmos DB vulnerability

Recent uproar on the Microsoft Azure database (Cosmos bug) hit the boardroom. A lot of major companies use Microsoft Cloud, so Azure customers were in for a rough surprise. Wiz’s Chief Technology Officer Ami Luttwak (his company found the vulnerability) describes it as “the worst cloud vulnerability you can imagine.” Bloomberg says Microsoft warned thousands of its cloud computing customers, including some of the world’s largest companies, that intruders could

The Golden Security Circle

Our second blog on management models applicable for Digital Security is all about creating a compelling vision. Introduction A common practice in Digital Security is to improve the level of security by implementing a framework (e.g., ISO27001/2, ISF, COBIT, NIST, etc.). Deficiencies in compliance with these frameworks are then defined and improvements can be executed. These improvements are defined in a security plan, which is sometimes misnamed as a security strategy.

Porters’ 5 Forces Elements for a Digital Security Strategy

Over the years we learned that other management models outside the digital security profession are relevant for digital security. In the coming three blogs, we will present three examples of management models pertaining to Digital Security. This is the first of this trilogy. Introduction Hackers and negative (social) media hypes have proven able to bring proud organizations to their knees, yet many information security managers and CISOs lack a strategy

To Really Know Your Enemy

There is a saying by Sun Tzu in the Art of War in which he states, “If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained, you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle”. Also, in the book About Face by

Cultural Legacy is blocking the CISO breakthrough

The field of the Chief Information Security Officer (CISO) is undergoing a development similar to the route taken by the CFO position in the past. The work of both officers is not essentially different, only the instruments differ. The CFO wants to obtain financial assurance, but also wants to save costs on all kinds of inefficient finance processes. You see exactly the same thing happening with information security. With the

Emerging roles in Digital Security

We want to feel safe in this brave (and scary) new world we’re creating of machines, robots and artificial intelligence. Technological & political trends will definitely influence our profession. This new world will call for new jobs with new skillsets that address the future challenges ahead. Not only will the role of CEO and CFO change due to tech dominance in business, but also the role of the security officers and