Geek-Guy.com

Author: Gary

Control is …

… technical, physical, procedural, legal, social, mechanical, economic, political …… applied to processes, systems, machines, people, quality …… a volume knob that goes all the way to 11… automated, semi-automated or manual … …

Risk is …

… when threat exploits vulnerability causing impact… tough to measure, express and control… the product of probability and impact… the gap between theory and practice… the root of pessimism and optimism … the once-in-a-hundred-years e…

CISO workshop slides

A glossy, nicely-constructed and detailed PowerPoint slide deck by Microsoft Security caught my beady this morning. The title ‘CISO Workshop: Security Program and Strategy’ with ‘Your Name Here’ suggests it might be a template for use in a workshop/cou…

Fragility is …

… the arch-enemy – not the polar opposite – of resilience … a natural consequence of complexity and dependence… when threat meets vulnerability exceeding control… not knowing whether, how and when it will break… being unable/unwilling/afraid …

Resilience is …

… depending on others and being there for them when they need us most … the rod bending alarmingly … while landing a whopper … an oak tree growing roots against the prevailing wind … taking the punches, reeling but not out for the count….

Skyscraper of cards

Having put it off for far too long, I’m belatedly trying to catch up with some standards work in the area of Root of Trust, which for me meant starting with the basics, studying simple introductory articles about RoT. As far as I can tell so far, RoT i…

Complexity, simplified

Following its exit from the EU, the UK is having to pick up on various important matters that were previously covered by EU laws and regulations. One such issue is to be addressed through a new law on online safety. “Online safety: what’s that?” I hear …

The discomfort zone

Compliance is a concern that pops up repeatedly on the ISO27k Forum, just this morning for instance. Intrigued by ISO 27001 Annex A control A.18.1.1 “Identification of applicable legislation and contractual requirements”, members generally …

How many metrics?

While perusing yet another promotional, commercially-sponsored survey today, something caught my beady eye. According to the report, “On average, organizations track four to five metrics”. Four to five [cybersecurity] metrics?!! Really…