Saturday, August 23, 2014

The Continuing Pain of Cybercrime Explained in One Simple Graph


Let the line A show the rate at which we are increasing the following variables:
  • number of people with cyber skills
  • the amount of resources devoted to deterring cybercrime
  • the level of regulatory compliance
  • the national resolve to address the problem
  • international resolve to address the problem
Now let line B show the rate at which the following are increasing:
  • number of people on the Internet
  • number of things on the Internet (IoT)
  • the ease of use and accessibility of cybercrime tools
  • the number of people prepared to engage in cybercrime
Graph these over time and you can see C = the pain of cybercrime. The more we can increase the upward angle of A, while reducing the upward angle of B, the less cybercrime we will experience.

Just to be clear, globally speaking, C is a net negative. Cybercrime can be positive for criminals and their immediate economic environs, such as communities with limited options for legal employment of a gainful nature. However, C undermines the primary factors by which the upward angle of A can be increased: economic prosperity and political stability.

Saturday, August 09, 2014

Is this your Sample Information Security Policy?

If you or your organization is the original creator of the following Sample Information Security Policy then I would like to hear from you: 
Every organization needs an Information Security Policy (although they may call it something different). When used appropriately the organization's whole approach to security will be guided by the policy document, a copy of which may well be requested during discussions around mergers, partnerships, and bids for new business. I have discussed the role and importance of security policy in several webinars, including this one directed at small and medium sized businesses.