The Next Big Thing
Posts about next generation technologies and their effect on business.

Cyber defense


I was at The Open Group conference this week and there was an interesting presentation by Larry Clinton of the Internet Security Alliance. He pointed to two recent publications that can be downloaded:


  1. The Financial Impact of Cyber Risk (50 questions Every CFO should ask)
  2. The Financial Management of Cyber Risk (an implementation framework for CFOs)

The first document provides questions for the various parts of the business to help understand their perspective on cyber-security-related risks to the organization (looking at a range of dimensions like cyber-crime, business continuity, data regulatory risks…). It looks at some of the items that I was asking some cloud experts about the other day.


The second document looks at what to do about some of the answers you received but didn’t like.


As Larry Clinton stated in his presentation, the current economic incentives favor the attacker:

  • Attacks are cheap
  • Vulnerabilities are almost infinite
  • Profits from attacks are enormous
  • Defense is costly
  • Defense is often futile
  • Costs of attacks are distributed


Having said all that, though, much can be done. For businesses it can be like the two guys who were camping and were woken by a bear in the middle of the night. One starts to put on his tennis shoes and the other starts running. The runner looks back and says, “Why are you putting on your shoes?” The first guy says, “I know I can’t outrun the bear, but I just need to outrun you.”


If your organization is more difficult to breach, there are enough easy pickings out there to keep attackers busy, unless they really are after you.

Labels: Cybercrime| security
About the Author(s)
  • Steve Simske is an HP Fellow and Director in the Printing and Content Delivery Lab in Hewlett-Packard Labs, and is the Director and Chief Technologist for the HP Labs Security Printing and Imaging program.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.