How a CISO’s Approach to Security Strategy Can Be Shaped By Philosophy

This is one of those “Hmm, made me think” articles. I drew the conclusion that I’m probably an Epicurean when it comes to my personal life but a Stoic when it comes to my professional approach to cyber risk…:

[…] To effectively manage cybersecurity risk, we can draw inspiration from the famous Stoic philosopher and slave Epictetus, who believed the greatest goal in life was to “identify and separate matters so that I can say clearly to myself which are externals not under my control, and which have to do with the choices I actually control”. Knowing what is within your control is often a matter of good governance: defining and communicating who is accountable for what.

Understanding the externals that are outside your control is the result of knowing your threat landscape: CISOs who worry about obscure hardware vulnerabilities while the entire workforce is busy clicking phishing links are rarely effective. Without either, organizations can find themselves revisiting the same unresolved risks year after year.

The Stoic CISO therefore should follow this simple mantra: know thyself, undertake regular threat modelling, and outsource the management of risks you cannot control.

Original article here