Martin Hopkins, Maurice Smit

Attributive Security

There is often a lot happening in the world of cyber security: new threats, new exploits and new products. Don’t get us wrong, there is a lot of cool technology, and we appreciate that. But, at least on the surface, a lot of the defensive advances look to be very bottom up and technology focused. It is easy to lose sight of the context, what matters to us that we want to protect, and yes even enable. Join us as we get together for unscripted conversations about a broad range of topics and relate them to cyber security. We’ll draw on various disciplines, and our own experiences, as we discuss i...

Koniecznie odwiedź stronę podcastu i wesprzyj twórcę: www.attributivesecurity.com

Autor

Martin Hopkins, Maurice Smit

Kategoria

Business

Strona podcastu

www.attributivesecurity.com

Ostatni odcinek

25 lut 2026

Gdzie słuchać?

Podcasty w aplikacji Replaio Radio Już wkrótce

Podcasty trafią do aplikacji już wkrótce. Zainstaluj teraz i jako pierwszy zobacz nowe podejście do podcastów

Pobierz z Google Play Zainstaluj za darmo Android 5 mln+ pobrań · ocena 4,8 iOS niedługo

Odcinki

#15 Enterprise (Security)? Architecture 25.02.2026

Enterprise Architecture (EA) and Enterprise Security Architecture (ESA) are viewed as distinct functions with different predominant tools, frameworks and methodologies. ESA is maybe less consistently situated in business hierarchies – is it a part of EA or a more business facing part of security. What separates them and what unites them? If you had to draw a Venn diagram, would they intersect and...

#14 Is Vertical Systemic Risk a One-Way Street? 01.10.2022

If you've studied SABSA to foundation level, you may recall how systemic risk navigates the domain model. If a risk materialises in a domain, the impact it has can act on the superdomain causing a risk event to occur there. Ok, simples right? Well Maurice was recently asked if this effect can occur in the opposite direction, i.e. from a domain to its subdomain. The search for a concrete example or...

#13 Blindsided by an Unknown Unknown 08.11.2021

With hindsight, declaring a risk an unknown unknown is often no more than an admission of a lack of foresight, a lack of imagination. How many risks that are actually realised were really inconceivable in advance? Risk identification is a process that is resource constrained, and reasonably so. But with more time, more perspectives, more insights, more intelligence the chances are you'd have ident...

#12 The World is in Flux, Are You Ready to Adapt? 21.09.2021

The last two years have seen changes that few were prepared for. In the aftermath we can argue whether it was a black swan, grey rhino, or octarine unicorn event but ultimately once the overture is done what matters is your ability to adapt to the new world order. Even if you had a specific plan in place, as such events unfold the situation will likely evolve in unpredictable directions. Over time...

#11 Risk Management is a Game of Snakes AND Ladders 02.07.2021

Is your risk management one-sided, designed to minimise the likelihood and negative impacts of uncertain events. How is the uncertainty of events with positive business impacts managed? Not by the security team or using the same risk management framework, right? Threats and opportunities both rely on uncertainty. Add factors including likelihood (or frequency) and impact to either and you derive a...

#10 Supply Chain Risk (with Vincent Thiele) 13.05.2021

News of business impacts from the realisation of cyber risks is all around us. Many of the largest breaches in recent years have involved one or more suppliers in some way. Few will be unaware of Sunburst/Solorigate, and many will have been directly impacted or know people that have been. But it is not just your direct suppliers, or your technology supply chain, that can suffer from a cyber attack...

#9 Privacy: Security's New Clothes? 06.04.2021

The desire for privacy is nothing new, but societal expectations have certainly come a long way since the middle ages. Over the last two decades many have seen additional rights enshrined in law. Businesses increasingly face sanctions for not respecting the privacy of those they associate with. Businesses have privacy related risks, they are required to protect personal data. But they also have se...

#8 Certifications - Value or Vanity 22.02.2021

The information security field is awash with certifications. To an outsider many job adverts, in what is increasingly a sellers market, are full of impenetrable acronyms. But who do all these certifications serve? Is the content relevant and do they effectively demonstrate knowledge, capability, and desire to learn? Are they a part of the supposed skills gap rather than its solution? In this episo...

#7 Risk & Risk Appetite (with Jaco Jacobs) 21.12.2020

Enlightened risk management frameworks say we should manage risks to the business within the risk appetite. But what is the risk appetite? Can anyone in the organisation articulate it beyond vague statements such as “medium risk appetite”, “prudent basis” or “risk adverse basis”? Risk appetite is dynamic, and we need to be able to change it and identify the impacts on our risk management this has...

#6 Zero Trust - Revolutionary, Evolutionary or Snake Oil? (with Chris Blunt) 26.11.2020

Do you trust your network? Did you resist the lure of cloud services and network virtualisation, content with your on premise network security, only to suffer from attackers or malware able to move laterally at will? Did you have a perimeter based, network-centric security model when the COVID-19 pandemic hit and realise that your already porous perimeter was preventing your staff from being able...

#5 SWOT - Context, Capability, Challenge & Course 29.10.2020

What threats does your project, or business, face? What opportunities have you identified that you could pursue? What strengths do you have that you can leverage to achieve your goals? What weaknesses might hold you back or cause you to fail? Underlying all of these questions, is your situation and the external factors in play. The answers influence the direction you should take. In this episode M...

#4 Business Risk & Risk Ownership (with Bill Schultz) 27.09.2020

Does the CISO own all cyber related risks to the business? It depends, but in many businesses that is the default position. Who is responsible for risk identification and analysis; identification, rating and selection of treatment options; and for managing residual risks within the defined risk appetite? Is it the security function, the business service owner, the application owner, the data owner...

#3 Compliance 09.09.2020

In our previous episode we referenced not being in business to be compliant. Of course, that doesn't mean that compliance is never important; in some instances, it is critical to maintaining a licence to operate in an industry or market. Compliance isn’t a mission, a purpose or a goal. Compliance provides some fenceposts, an approach to measurement, and in many cases a degree of reassurance. But i...

#2 Ransomware 27.08.2020

Ransomware does not appear to have fallen victim to the pandemic. On the contrary, successful attacks appear to have increased and the impacts are escalating too. Hardly a day goes by without news of another ransomware attack on a prominent organisation or further details of a previous attack are shared. Has the massive increase in remote working improved the success rate, have organised crime gro...

#1 Trust 17.08.2020

In the light of recurring instances of security issues in foundational components of modern IT and software stacks, and the superfast world our businesses are operating in, Maurice and Martin talk about trust. What can it mean to say we trust a vendor or a partner? Can we ever really trust one of the Internet giants? Can we secure trust? Join us as we explore the role of trust in organisational cy...

Słuchaj podcastu Attributive Security w Replaio

Radio i podcasty w jednej aplikacji - za darmo, bez zakładania konta. Zainstaluj już dziś i nie przegap premiery

Pobierz z Google Play

Replaio nie jest wydawcą podcastów; nazwy audycji, okładki i audio należą do ich autorów i są rozpowszechniane przez publiczne kanały RSS