Page 3 - Cyber Defense eMagazine September 2018


@MILIEFSKY

From the Publisher…

CyberDefense.TV is live and growing with more interviews each month…





Dear Readers,

I have just returned from CloudSEC Europe 2018, where I shared the stage with some brilliant panelists. We discussed the ever-evolving role of the CISO. One of the items we agreed would become very important is the standardization of measurements for risk to organizations. There's a new standard on the block, called FAIR, which stands for Factor Analysis of Information Risk and is emerging as the standard Value at Risk (VaR) framework for cybersecurity and operational risk. It is hosted and managed by The FAIR Institute, a non-profit professional organization dedicated to advancing the discipline of measuring and managing information risk, located at https://www.fairinstitute.org/. Membership is free, just like subscribing to our eMagazines, so what are you waiting for?


FAIR provides information risk, cybersecurity and business executives with the standards and best practices to help organizations measure, manage and report on information risk from the business perspective. The FAIR Institute and its community focus on innovation, education and sharing of best practices to advance FAIR and the information risk management profession. I've always been a strong proponent of standardization in information security, from the CVE (Common Vulnerabilities and Exposures) standard for documenting 'holes' in our computing equipment, software, hardware and networks to CWE (Common Weakness Enumeration), a catalog of the kinds of weakness behind those holes that helps developers write great code: software built with security best practices that avoids leaving exploitable flaws in the code you ship. This standard is one to learn about and share in your organization.

Some of the areas I consider critical include looking for and measuring risk around People, Apps, Networks, Computing equipment, Code and Data (plus the databases where we find the data). I call this PANCCD – yes, another acronym – this time I invented it, and I’ll share more about it in upcoming articles. There will absolutely be more to come on the topic of making cybersecurity measurable, so stay tuned!

Gary S. Miliefsky, CEO
Cyber Defense Media Group
Publisher, Cyber Defense Magazine