Attributive Security

By: Martin Hopkins, Maurice Smit
  • Summary

  • There is often a lot happening in the world of cyber security: new threats, new exploits and new products. Don’t get us wrong, there is a lot of cool technology, and we appreciate that. But, at least on the surface, a lot of the defensive advances look to be very bottom up and technology focused. It is easy to lose sight of the context, what matters to us that we want to protect, and yes even enable. Join us as we get together for unscripted conversations about a broad range of topics and relate them to cyber security. We’ll draw on various disciplines, and our own experiences, as we discuss ideas and practical approaches to tailored information security. We won’t be afraid to challenge one size fits all and best practice norms, or the misapprehension that bespoke security frameworks are infeasible for all but the biggest of enterprises. Be prepared to reimagine what an effective cyber security program can look like when it is engaged with and aligned to the business.
    Copyright 2023 Martin Hopkins, Maurice Smit
Episodes
  • #14 Is Vertical Systemic Risk a One-Way Street?
    Oct 1 2022

    If you've studied SABSA to foundation level, you may recall how systemic risk navigates the domain model. If a risk materialises in a domain, the impact it has can act on the superdomain causing a risk event to occur there. Ok, simples right? Well Maurice was recently asked if this effect can occur in the opposite direction, i.e. from a domain to its subdomain. The search for a concrete example or a contradiction started.

    In this episode we consider this question which leads to further questions about the nature of hierarchy in the domain model and co-existent parallel domain models – but no quantum entanglement (yet). Have a listen and then join the debate, or if you have the answer put an end to it.

    40 mins
  • #13 Blindsided by an Unknown Unknown
    Nov 8 2021

    With hindsight, declaring a risk an unknown unknown is often no more than an admission of a lack of foresight, a lack of imagination. How many risks that are actually realised were really inconceivable in advance? Risk identification is a process that is resource constrained, and reasonably so. But with more time, more perspectives, more insights, more intelligence the chances are you'd have identified the risk. Perhaps to do so would have not been cost effective; or you may have decided to limit analysis and not successfully managed an outlier risk. But to declare it an unknown unknown (after the fact) is rejecting an opportunity to learn. Is it not fatalistic to shrug one's shoulders and say "How could I have known"?

    In this episode we discuss Unknown Unknowns, along with their bedfellows Known Knowns, Known Unknowns and Unknown Knowns, and their place in the identification and management of business risks.

    37 mins
  • #12 The World is in Flux, Are You Ready to Adapt?
    Sep 21 2021

    The last two years have seen changes that few were prepared for. In the aftermath we can argue whether it was a black swan, grey rhino, or octarine unicorn event, but ultimately, once the overture is done, what matters is your ability to adapt to the new world order. Even if you had a specific plan in place, as such events unfold the situation will likely evolve in unpredictable directions.

    Over time, change external to your sphere of control is inevitable. Some changes are large shocks that affect nations, regions or the entire world. Some only affect certain industries or a subset of business in an industry. While mitigating and planning response to known, but uncertain, events is important, it is also important to avoid assumptions about future states and to build organisational structures and processes that can adapt no matter what comes over the horizon.

    In this episode, we discuss being Adaptable and Adaptive. Listen to our conversation to hear our thoughts on the maybe subtle but important differences between these very similar terms.

    40 mins
