Recently we’ve had the opportunity – quite a fun and interesting opportunity – to visit a number of information security and cybersecurity conferences. These conferences were flooded with relatively ‘new’ developments such as NextGen, the Internet of Things (IoT), IoT DDoS attacks, security intelligence platform, etc. The fact that some of these terms have become ‘hype’ is not in itself a problem, but we did begin to wonder whether the security world may be looking at things in the wrong way and thereby missing the demands that need to be addressed.
This article explores a new perspective on cybersecurity that views it as a goal in itself, rather than something that is directly connected to business needs. As it stands now, it seems that too many security organizations are missing the mark.
Lesson 1: Start with the business (and its risks)
Security in practice can be exceptionally complex, but its essence is quite simple. Security