Sep 27, 2016

Quick update and invitation from Michael: starting to explore rolling out services and improving the Straight Talk Framework. If you’re up to discuss with me - I’ll offer a brief overview and then a “setup for Straight Talk”  review to explore how to get you started. It’s a real offer because I know we’ll both learn. And then I’ll get a better sense of where to focus and how to help more people in our industry.

Note on yahoo: we’ll talk to Shawn later

How are Healthcare Data Breach Victims Affected by Attacks?

• It opens with some hype: “Healthcare cybersecurity attacks are much more prevalent and common because the industry typically has weaker approaches to data security, states”
• What’s to like? Maybe? → someone is working to explore the potential actual harm from breaches
• This article, however, is just an attack
• Why it matters? People read this stuff. They reinforce it. Fiction becomes fact because it gets repeated so much
• http://healthitsecurity.com/news/how-are-healthcare-data-breach-victims-affected-by-attacks 

We're told data breaches cost millions on average - but this security study disagrees

• I routinely push back on the ponemon $$ thrown around each year
• The conclusion here concerns me - feels like we lept too far -- that now no one will invest in security?
• Stop it. That’s not what it means. It means we have to seek better alignment, understand and measure our value better, and focus on creating value instead of just doing things
• It also means maybe the regulations need to slow down a bit. They do nothing but distract focus and waste money. And yeah, I get it - this sort of “research” is a call for more regulation because otherwise, no incentive. That’s rubbish.
• http://www.zdnet.com/article/were-told-data-breaches-cost-millions-on-average-but-this-security-study-disagrees/ 
• http://www.csoonline.com/article/3120851/leadership-management/security-leaders-need-to-stop-chasing-risk-catnip.html

NIST launches self-assessment tool for cybersecurity

• Boosters say the document will help specialists explain the importance of cybersecurity to the company's bottom line — the "holy grail" of business cybersecurity. But some critics have questioned how useful it will be to smaller companies.
• “NIST Cybersecurity Framework — a document that catalogues the five areas of cybersecurity every company needs to know: identify, protect, detect, respond and recover.”  
• I like these five. Need to check out the process itself.
• It’s open for comment. Personally, I’d love to hear from our audience
  • Using the NIST framework?
  • Checking out the tool?
  • Planning to make comments?
• http://fedscoop.com/nist-launches-self-assessment-tool-for-cybersecurity 

House to vote on cyber bill for small businesses

• Like the concept, skeptical of the implementation
• SBDC is a mixed bag for businesses and startups
• What sort of “cyber” are they offering, and why?
• http://thehill.com/policy/cybersecurity/296612-small-business-cyber-bill-to-house-floor-wednesday