This Friday 5 covers a couple of articles that I found share-worthy this week:
"The two most important ways to defend against security threats" by Roger Grimes
Roger makes a great point that information security needs to focus on root causes rather than individual threats and vulnerabilities. He goes on to argue that patching and awareness training are the 2 key ways to improve security in any organization. I like his risk-based approach to patching and it's worth a read (especially considering how much of a challenge patch management is for many organizations).
"Apple, Cisco Strike Partnerships for Cyber Insurance" by Jeremy Kirk
An interesting story about Apple and Cisco partnering with existing cyber insurers to offer reduced premiums on cyber insurance to organizations using best practices (and Apple and Cisco products). While this may be viewed as a way to sell more products for both companies, I feel it is the beginning of an evolution toward insurance policies that are priced according to the level of cyber maturity of the organization.