Enterprises can manage, mitigate and monitor their cyber risks by mapping threats and adversary tactics, techniques and procedures to known vulnerabilities. Ultimately, the goal is to have a scalable, reproducible metric for risk.
Paul Rosenzweig is the founder of Red Branch Consulting PLLC, a homeland security consulting company and a Senior Fellow at the R Street Institute. He is also a Senior Advisor to The Chertoff Group. Mr. Rosenzweig formerly served as Deputy Assistant Secretary for Policy in the Department of Homeland Security. He is a Professorial Lecturer in Law at George Washington University and a Board Member of the Journal of National Security Law and Policy.
Subscribe to this Lawfare contributor via RSS.
Congress may soon consider whether or not to create a Bureau of Cyber Statistics. They should do so in a manner that gives the new bureau sufficient authority and capability to create a new, effective federal statistical agency. The implementing legislation will need to resolve several practical questions, which we review here.
Cybersecurity meets the insurrection.
As is my annual custom, this song is both thanks to all those who serve our country and a reminder of why they serve—to "secure the blessings of liberty." This year, with so much strife in the world, it seems worth remembering those who sacrifice for our nation.
My best wishes to all Lawfare readers for a warm and wonderful holiday season and a happy new year.
How, if at all, can users be confident that the systems on which they rely will function as they are supposed to?
The Cyberspace Solarium Commission recommended that Congress establish a Bureau of Cyber Statistics. How should this body be organized?
What should be done in a post-Trump world to restore the rule of law?