Ten answers to cyber security

My last posting was perhaps a bit too negative. I should correct that by setting out my own solutions to cyber security. Here are my ten answers.

  1. Invest more public money into imaginative new approaches to malware detection.
  2. Ditch standardized, tick-box, compliance processes. Give freedom to security managers to implement innovative solutions.
  3. Place more emphasis on technical solutions and less on bureaucratic governance processes, which have become excessively bloated.
  4. Empower CISOs to overrule business objections on grounds of cost or delay.
  5. Massively speed up the implementation processes for security solutions, from years to days.
  6. Escape from the pervasive security “monoculture” of identical controls, which makes it easy for attackers. Security by obscurity is no bad thing.
  7. Design security systems to counter projected future threats, not just today’s.
  8. Recognize Ross Ashby’s Law and harness the scalability of technology and networks to leverage security.
  9. Expect users to make mistakes. Take account of this when designing systems.
  10. Manage crises as opportunities to gain free publicity and drive through change. Smart companies can emerge stronger.