The Goldilocks Dilemma: Too Much Cybersecurity Or Too Little?

Cybersecurity continues to be a hot topic these days, but it’s unclear whether CIOs are doing too much or too little to tackle the problem. Sometimes it seems as though enterprises are developing the same attitude about breaches that Californians have about earthquakes – sure, we’re vulnerable, but what are the chances of it shaking really, really bad right where I’m standing?

Consider this piece in Wired last week from Sonali Shah, vice president of products at BitSight Technologies, a company that claims to provide ratings for technology risk the way a company like Dun & Bradstreet might provide credit ratings for financial risk. She writes of a real Goldilocks dilemma – some people think cybersecurity efforts are too soft, while others think they’re too hard. She cites her own company’s February 2014 survey, which found that “82% of the 460 companies assessed had an externally observable security compromise in 2013.”

(As a skeptical journalist – especially one who’s done a lot of research in the governance, risk, and compliance (GRC) space – I wonder what constitutes “an externally observable security compromise.”)

via The Goldilocks Dilemma: Too Much Cybersecurity Or Too Little? – Forbes.

———————————————-

Journal of Law & Cyber Warfare | www.jlcw.org The Journal of Law & Cyber Warfare provides a public peer-reviewed law publication to foster open discussion and education of technology, government and legal stakeholder in relation to the complex issue of cyber warfare. Journal of Law & Cyber Warfare accepts articles written by military, technology, judges, government officials, academic and legal practitioners. The Journal of Law & Cyber Warfare is honored by the world class caliber editorial board that is involved with the Journal. Thought leaders from forensics, law, warfare, and cyber security are on the Board. The Journal is always looking for interested thought leaders who believe they can contribute in a meaningful fashion to the development of cyber warfare scholarship.