Assorted links 2025-03-17

March 17, 2025

1. Cyber insurance is no silver bullet for cybersecurity

“Regulators and businesses hope cyber insurance will drive stronger security practices. In reality, a narrow focus on mitigating financial loss makes it an unreliable solution”

This is a fascinating statement and article. Risk management is grounded in losses, and cybersecurity losses in the context of insurance are explicitly financial. Also, insurance in general is not intended to be a silver bullet, but one of several tools used to manage risk.

2. A simple framework for predicting where the InfoSec market is heading using cyber-insurance (Thread Reader version)

3. Reddit thread on CISO reporting

4. Outcomes are hard

Twitter Facebook LinkedIn

Assorted links 2025-03-19

March 19, 2025

1. Shapeshifting Chrome extensions

Assorted links 2025-03-09

March 9, 2025

1. Crafty Camel, a threat targeting the UAE

The more labels you have for yourself, the dumber they make you. Permalink

March 8, 2025

One of Paul Graham’s best.

Defining security outcomes

February 13, 2025

I’ve long viewed incidents as one of an organization’s very best tools for measuring everything from cybersecurity effectiveness, to overall operational maturity. Unsurprisingly, I’d also recommend using incidents to define and understand security outcomes (i.e., whether your costly security-related investments are getting the job done).

by Keith McCammon

Assorted links 2025-03-17

You May Also Enjoy

Assorted links 2025-03-19

Assorted links 2025-03-09

The more labels you have for yourself, the dumber they make you. Permalink

Defining security outcomes