Resurrecting CHAOS (Controlling Havoc and Overhauling Security) for Today’s CIOs

Byod.png
Data Fallout.png
Cloud For Dummies.png
The Manuscript.png
Hair Loss.png

Resurrecting CHAOS for Today’s CIOs and CISOs

While at CloudExpo, London last week I had the chance to chat to RedHat’s Richard Morell. He suggested that I resurrect CHAOS (Controlling Havoc and Overhauling Security) Theory from a couple of years ago as the message is still holds very true.

The term ‘chaos theory’ first came about in the 1980s as a way to ascribe order to a seemingly random set of events. And, in today’s landscape of stark contrasts between business opportunities and impending risk, CIOs and CISOs have to drive collaboration and controlled acceleration: That is where CHAOS Theory comes into play: enabling both a new order and the opportunity for CIOs and CISOs to be part of the strategic business agenda.

Most CISOs cannot state with confidence that their organization’s information assets are secure. The general processes and even toolsets in place today are not standing up to the way that we do business or the attacks we’ve seen in the last few years, so why do we assume they will be good enough for the future? Mobility and BYOD are just the beginning of the next wave of infrastructure security challenges. We need to be concerned beyond just users having left IT’s security control and focus on thee data in often unsanctioned apps. that follows these users into the public cloud. We most often think about insider threats as malicious, but these cases that most often make headlines are just the tip of the iceberg.

Well intentioned employees may be a bigger risk still as with the blurring of social and work it’s so easy to accidentally overshare sensitive enterprise data. And, if we thought it was bad enough when cyber thieves steal our data what havoc will they wreak in the Internet of Things era when they change it?

The goal with the CHAOS Theory is really to funnel user demand in a way that is far more ordered and less chaotic than today. There isn’t a single proposal or program that applies universally to all organizations but following is where you might start:

  • Rather than fight loss at the endpoint and an evaporated enterprise perimeter, instead focus on contextual identity-based controls such as location, time, what type of data, and/or threat vector to determine what resources users and devices can connect to.
  • Leverage cloud threat data feeds to make more accurate risk predictions based on an aggregate view of threats seen around the world.
  • Utilize big data-processing facilities such as HADOOP and OLAP (online analytical processing) to identify potential data breaches, data leakages and system compromise so that defensive controls can be adapted or updated in real time.

And, for CISOs looking to demonstrate the value of their teams and work to Executive and strategic business holders, consider the following:

  • Implement a metrics analysis platform to enable the CIO and CISO to act as the central point of governance and thus better quantify and qualify
  • Establish an executive forum for reviewing compliance with key business stakeholders

By Evelyn de Souza

Amazon's Varies Revenue Segments

Amazon’s Varies Revenue Segments

Amazon Revenue Amazon has become the largest retailer worldwide, however it is projected to make up less than 5% of U.S. retail sales by the end of 2020. While most people are already familiar with ...
Texture Cloud

Building a Cloud Roadmap

Cloud Roadmapping Why is it important to have a cloud roadmap? What's the best way to begin building a cloud roadmap? What points should a cloud roadmap include? Who should be included in the roadmap ...
Shells.com – Your Personal Cloud Computer

Shells.com – Your Personal Cloud Computer

Personal Cloud Computer Shells, a robust virtual desktop infrastructure, ensures better performance by enabling its users to incorporate a layer of virtualization between the control server and any device that they choose. This way, it ...
David Balaban

Ransomware – Cybercriminal Groups Know The Weak Points

Cybercriminal Groups Grow Data breaches and leaks represent a quickly growing security problem these days. When plenty of people work from home, the risk of data leaks is much higher. Cybercriminal groups know the weak ...
Robots

How DSPs can Improve Straight Through Processing Rate in RPA Implementations by up to 82%

Robotic Process Automation Digital Service Providers (DSPs) today are well placed to take advantage of next-generation technologies like Robotic Process Automation (RPA), Machine Learning, and Artificial Intelligence. As most of the smart DSPs have already ...

TECH ELEARNING

The CloudTweaks technology lists will include updated resources to leading services from around the globe. Examples include leading IT Monitoring Services, Bootcamps, VPNs, CDNs, Reseller Programs and much more...

  • Plural Site

    Pluralsite

    Pluralsight provides online courses on popular programming languages and developer tools. Other courses cover fields such as IT security best practices, server infrastructure, and virtualization.

  • Isc2

    ISC2

    (ISC)² provides IT training, certifications, and exams that run online, on your premises, or in classrooms. Self-study resources are available. You can also train groups of 10 or more of your employees. If you want a job in cybersecurity, this is the route to take.

  • App Academy

    App Academy

    Immersive software engineering programs. No experience required. Pay $0 until you're hired. Join an online info session to learn more

  • Cybrary

    Cybrary

    CYBRARY Open source Cyber Security learning. Free for everyone, forever. The world's largest cyber security community. Cybrary provides free IT training and paid IT certificates. Courses for beginners, intermediates, and advanced users are available.