re: 4 Steps For Proactive Cybersecurity
Mr. Dittrich's blog post was extensive and thought provoking. While reading through it though, he repeatedly referenced the one critical aspect of past work and discussion on the issue which seemed to in its own way support Mr. Bardin's (CSO Online) proposal of "active defense." That is that the CISO world has been in discussion since the mid 1990s with no definitive agreement or recommended course of mitigation. Any person or company so immobilized by lack of decision as to do nothing over the course of 15 years will likely fall victim or fail. Absolute minimums then is to do the analysis, assess the risks, and don't forget to take action on the results.