Many organisations believe cyber security risk can be managed with a set of security controls they evolve and mature over time. Organisations such as NIST, the ISO and government cyber security agencies around the world have developed a number of standards and definitions of good practice; all are essentially grounded in the ethos that drove the development of the original standards for Information Security Management some 25 years ago.
However, the world has moved on. Standard approaches to good practice are still necessary, but they are far from sufficient to secure organisations from the threats they face today. The rules are important, but the increasing innovation and motivation of attackers make it imperative to adapt our approach to security – and play a different game.
Richard Horne’s flagship white paper seeks to prompt a discussion about how our mindset and approach to cyber security now needs to change. It proposes 10 areas where important challenges must be confronted; this evolution will also provide some structure for innovative and disruptive technologies that are beginning to come to market but don’t fit the mould of traditional security controls.