Thinking About Security, Fast & Slow

His most famous book, Thinking Fast and Slow, discusses how we have two methods of thinking - one based on immediate reactions and instinct, and another that is slower, more logical and considered.
As chief information security officers, we have to have our long-term goals around risk in mind all the time.
At the same time, IT security teams face daily changes in the threat landscape, as new issues are discovered, new ransomware gangs launch their activities, and older threats rise and fall in importance.
Weaponization for the biggest vulnerabilities in 2023 had a mean time of 44 days, so in theory, taking a slow approach and getting things right should be the order of the day.
Fast order thinking is therefore necessary to prevent these attacks, yet this can be hard to achieve across large organizations where tasks are distributed across departments.
Managing risk involves long-term planning and short-term response to fast-changing parameters.

IT Infrastructure, Fast and Slow

Enterprises have very different IT platforms in place.
All of these systems will have to be managed and kept secure, but the thinking and processes that take place around them typically call for different mindsets.
These systems have to be protected against threats, yet the threat of them being affected by downtime is seen as an even bigger risk to the business.
The theoretical threat of a missed patch has to be compared with the very real risk of lost revenue.
In these circumstances, taking that logical and methodical approach to measuring risk will be necessary.
Security processes have to respond automatically when required.
As any changes take place within our CI/CD pipelines, our security processes should react in line.

Managing Risk Means Thinking Fast and Slow Together

For CISOs, approaches like shift-left security should allow developers to improve security over their code and their pipelines.
These approaches rely on collaboration between security and developer teams to work.
What looks like a quick win and a way to automate security effectiveness actually relies on slow and methodical thinking around collaboration.
The greatest challenge here is that managing risk demands both fast responses and strategic thinking to be effective.
To reduce risks, CISOs have to understand issues in context and score them appropriately.
Getting a single score helps categorize risks against each other.
By looking at security with both a fast and a slow mindset, we can try to achieve the best of both worlds.


This Cyber News was published on www.darkreading.com. Publication date: Mon, 01 Jul 2024 14:00:09 +0000

