Design and Implement a Meaningful Cyber Security Risk Appetite Statement: PART 1_The Current Narrative

Before we begin the process to create meaningful cybersecurity risk appetite statements, we must first address the elephant in the room.

That elephant is our collective attitude as cyber security professionals, and the ways in which that attitude weakens organizational trust and security.

Look at the image below and find "facilities" at the bottom right.

You will see three "arms" of facilities: office products, waste disposal and cleaning. 

Imagine that the "waste disposal" professionals in your organization all have a "Captain Save-a-Business" attitude, where they truly believe organizations would be rendered completely impotent if they were not there to properly dispose of waste.

Actually, this attitude would be kinda right! And here's why...

Research shows that exposure to improperly handled waste can cause:

  • skin irritations, 
  • blood infections, 
  • respiratory problems, 
  • growth problems, and even 
  • REPRODUCTIVE issues! 

You can literally compromise your ability to populate the EARTH if you do not follow the regulations and organizational policies for proper waste disposal. 

In addition, being in violation of federal and state waste disposal LAWS and REGULATIONS risks not only the environment and your health, but it also jeopardizes your FINANCIAL STABILITY. In some cases, companies and individuals might even face criminal charges and prison time.  

According to Enviro-Safe, "waste removal and treatment regulations are becoming increasingly strict. In 2017, the EPA reported a staggering number of violations, with a total of 153 years of incarceration for individual defendants in violation of environmental laws, plus fines of $2,829,202,563 for individuals and corporations in NONCOMPLIANCE."

Waste disposal is serious business and waste disposal professionals are necessary because they PROTECT all humans in the organization, and the very important, MISSION-CRITICAL WORK that each person performs daily. 

Without waste disposal professionals the bacteria, insects, parasites, flies, maggots, rodents and other germ-carrying, plague-generating predators that feed on decomposing trash within and outside the organization will become hungry for other sources of blood...namely, YOURS!

Does this sound familiar to what we do in cybersecurity compliance? 

Below are the Top 3 Deadliest Pathogen Attacks (similar to our endless list of cyber attacks):

  • Bubonic Plague is the most common form. Those infected develop fever, headache, chills, and weakness and one or more swollen, painful lymph nodes (called buboes). Bubonic plague usually results from the bite of an infected Siphonaptera present in the physical environments of organizations that fail to prioritize waste disposal.
  • Hantavirus is spread by the Rattus that are attracted to organizations and businesses that don't put waste disposal first, thereby increasing the risk that you will breathe in microscopic fecal matter and virus-carrying particles from urine and saliva that has become aerosolized. Hantavirus causes severe infections of the lungs (with cough and shortness of breath) or kidneys (with abdominal pain, and sometimes kidney failure).
  • Zika Virus is a flavivirus spread by Culicidae in the Aedes genus. While the disease caused by Zika virus isn't particularly dangerous for most people, it can cause serious complications for fetuses and innocent newborns of women and couples who work in organizations that fail to adhere to the warnings of waste disposal professionals.

Are you still with me? 

Have I used enough fear, uncertainty and doubt (FUD) to convince you to (1) hire a Chief Waste Disposal Officer (CWDO), and (2) create an ecosystem of certificate and certification companies to ensure we hire trained and certified waste disposal professionals? 

Now, we can create conferences like BLACKPlague, DISEASE CON and Hack the HUMAN where Red Team waste disposal professionals (and criminals who intentionally spread disease) compete to find new and innovative ways to flood simulated bodies with pathogens that weaken immunity and stealthily bypass health controls put in place by the Blue Team. The Blue Team wins if the body's immunity and healthy choices can withstand the Red Team's pathogen attacks.

The Red Team or criminal hackers win when they can OWN the nervous system of simulated bodies, thereby controlling behavior. 

Of course, employees and users (or those not in the waste disposal profession) are the weakest link because they consistently and stupidly fail to keep disease, plague, and sickness out of organizations. (Yes, this is nonsense, but let's continue.)

These insider threats or Carriers must be identified and controlled, so we do the following (among other things):  

  • Create organizational policies, training and practices that validate their ignorance (so we have enough proof that they are the main problem) and 
  • Promote "accountability" (which is actually blame) by requiring they complete compliance training every year, monitoring and controlling the kind of trash they bring into the organization, where they throw it, how long it's left in the trash, the shape and color of trash receptacles, and every other control we can research and recommend as a best practice.

The friction and diminished performance caused by FUD, "gotcha-training", and limitless regulatory requirements are largely ignored by Chief Waste Disposal Officers and other waste professionals because the alternative is clearly DEATH...for the person and the business.

Everything written above regarding diseases, causes, regulations and potential threats is 100% true, but the talented, aware professionals who do the very important and critical work of waste disposal are not typically the self-absorbed, bumptious megalomaniacs engrossed with an imaginary story and inner dialogue of their pedestalized importance to organizations and businesses.

I'm talking to and about you, cybersecurity professional, if you feel that your job is to protect and secure the business that pays you.  

In the next post (PART 2), we will entertain a new narrative that starts with the truth, but requires no FUD, blaming, investment in exaggerated problems or belief in fictional solutions to gain the results that we all want and deserve as professionals and as digital citizens who live out our lives in the physical and cyber space. 

In the final post (PART 3) we will map out the natural process of creating a well-communicated cyber security risk appetite statement that is fully desired and supported by leaders and employees at all levels of the business/organization.
