Phil Cracknell
Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks. These cyberattacks are usually aimed at accessing, changing, or destroying sensitive information; extorting money from users; or interrupting normal business processes. Implementing effective cybersecurity measures is particularly challenging today because there are more devices than people, and attackers are becoming more innovative.

Security can only be accurately assessed if ways of managing ‘non-knowledge’ are taken into account. Anyone attempting to measure an organisation’s security posture finds that metrics are difficult to collect and don’t show the full picture. We also tend to protect against what we know and what we think we know. Knowledge does not come in volumes offering certainty to security decisions. Instead, it is an incremental process in which the data reflects but never quite captures the changing security landscape. A steady conversion of unknowns to knowns!

Anticipating Blind-Spots! Organisations face complex and uncertain situations every day, but the most challenging circumstances are often completely unexpected, because we never even knew to look for them. Organisations should make efforts to anticipate blind spots. We can never completely eliminate our blind spots, but they can be reduced to improve performance and prevent the mistakes that in hindsight should have been obvious.