Ten answers to cyber security

My last posting was perhaps a bit too negative. I should correct that by setting out my own solutions to cyber security. Here are my ten answers.

  1. Invest more public money into imaginative new approaches to malware detection.
  2. Ditch standardized, tick-box, compliance processes. Give freedom to security managers to implement innovative solutions.
  3. Place more emphasis on technical solutions and less on bureaucratic governance processes, which have become excessively bloated.
  4. Empower CISOs to overrule business objections on grounds of cost or delay.
  5. Massively speed up the implementation processes for security solutions, from years to days.
  6. Escape from the pervasive security “monoculture” of identical controls which makes it easy for attackers. Security by obscurity is no bad thing.
  7. Design security systems to counter projected future threats, not just today’s.
  8. Recognize Ross Ashby's Law and harness the scalability of technology and networks to leverage security.
  9. Expect users to make mistakes. Take account of this when designing systems.
  10. Manage crises as opportunities to gain free publicity and drive through change. Smart companies can emerge stronger.

1 comment

For my two penn'orth, we have to improve our software and security engineering. We have to fix the security problems at source, quite literally, in source code. Somehow we have to get the economics right so that secure systems are built first time, rather than the current system that only favours software development costs, and time to market. Add me to your list of dreamers!