Conversations in Risk-Based Security

Bobby Dominguez

Internet entrepreneur & über geek who groks e-commerce, IT security, risk & privacy management. I'm into caffeinated beverages, Padrón cigars, 18-yo single malt scotch, and dark beers.
Find me on:

Recent Posts

The Cloud 9 of Threats & Solutions

Posted by Bobby Dominguez on Sep 16, 2016 3:41:31 PM

If you’re in business in 2016, your company most likely uses Cloud services of one kind or another.  You can’t avoid the Cloud, whether personally or for your business.  But with so much empowerment and capability, who wants to avoid it?  However, security remains a serious concern for organizations using the Cloud. The shared, on-demand nature of Cloud computing compounds the ever present  the possibility of security breaches.  Mitigating Cloud risks starts by identifying the top security threats you may face.

At a recent EC Council Global CISO Forum, Lynx Technology Partners' Chief Strategy & Security Officer, Bobby Dominguez,  described some of the most relevant threats as well as risk mitigation techniques that may help your organization function in the Cloud and reduce the risks associated with this rapidly growing technology segment. The discussion not only focused on the threats, but potential solutions, including specific examples of what you can do to manage your Cloud risks.  The presentation titled, "The Cloud 9 Threats & Solutions in 2016," can be found here.

Read More

Topics: Security, Cloud, Shadow IT

Using the NIST Cyber Security Framework to Build Your IT Risk Program

Posted by Bobby Dominguez on Aug 22, 2016 2:56:42 PM

Creating a robust IT risk management program is critical in every business.  It is what will guide your security program, compliance regime, and even the decisions you make in selecting technology or business services. But before you can run, you have to walk.  Understanding the key elements of the NIST Cyber Security Framework (CSF) and focusing on best practices for applying the CSF will prepare you to implement an IT risk program.

Read More

Topics: Risk Management, NIST Cyber Security Framework, cybersecurity

Nostradamus Predicts 2020?

Posted by Bobby Dominguez on Jul 18, 2016 4:07:28 PM
Nostradamus?  Not quite...  but, UC Berkeley's Center for Long-Term Cybersecurity has produced a set of scenarios - not predictions - that describe future possibilities, exploring how emerging and unknown forces may shape our future.  These scenarios not only describe possibilities, but also describe the security implications. "They provide a framework for questions we should be asking today to ensure a more secure information technology environment in the future."

Read More

Topics: Security

How To Build Your Risk Management Program Using the NIST CSF

Posted by Bobby Dominguez on Jun 24, 2016 7:56:46 PM

Simply put, risk is the product of probablity times impact.  A risk-based security strategy and IT Risk Management Program is created in order to make smart cybersecurity decisions that will enable the business to make the best cyber security investment and staffing decisions based on the probablity of an event, and the impact that event will have on the business operations. 

Read More

Topics: Risk Management

Cognitive Powers or More Hype for eGRCs?

Posted by Bobby Dominguez on Jun 22, 2016 10:23:08 AM

I recently read an article, "The Transformative Power of Cognitive GRC," from the Open Compliance and Ethics Group (OCEG).  The OCEG is a global, nonprofit think tank that claims to have invented GRC, and develops standards and other resources.  They have a lot of good content if you're planning to deploy an enterprise GRC.

In this article, I find it interesting that the proponents of eGRCs continue with the “you ain’t seen nothing yet” perspective…  or "we’re just gonna add one more widget," or "one more integration or one more capability and we’ll have a wonder tool that will do everything!"

The primary problem with these approaches is that they want to boil the ocean. 

Read More