It’s Not The Crime, It’s The Coverup or the Chaos

  • First, run tabletop response exercises to understand what you’d do in various breach scenarios. Then re-run those scenarios with the principals (CEO, General Counsel) so they can practice, too.
  • To reduce the odds of a breach, realize that you need continuous and integrated security as part of your operational cycles. Move from focusing on pen tests, red teams and bug bounties to a focus on threat modeling, so you can find problems systematically and early.


Generally blogging at adam.shostack.org/blog, but shared posts here before Medium asked me to jump through more and more hoops.

Adam Shostack
