Simplifying cybersecurity: From risk assessment to recovery

Cybersecurity can often be perceived as complex, and it can be challenging for security leaders to communicate its importance to non-security professionals. One effective way to simplify security for such professionals is through the use of analogies. We all take risk-based decisions every day, and we all think about security every day. For instance, you think did you lock your door and windows at night? Should you travel to a particular place due to the geopolitical conditions in that area? Have you worn a seat belt before driving the car? Did you proactively perform a check of the elevator in your apartment complex? There is tremendous symmetry between the physical and cyber world. Almost every security decision and risk that we think about in the physical world can be directly mapped to the cyber world. A good cybersecurity framework, such as ISO or NIST, CSF, can help ensure that we are doing everything that we should be. NIST CSF is particularly easy to understand and quantify the overall security posture.

An analogy that can be used to tie the cyber and physical world together is to think of yourself as a diamond merchant in a bad neighborhood.