Excellent article on security risk management from Black Swan Security:
“…but I don’t hear any formalisation of measuring and assessing controls that are beyond the Control Tolerance of an organisation. We care about risk tolerances and exceptions, the risk owners care about these but the risk owners and the business managers also care about the ‘Control Tolerance’ or at least they care about controls beyond it.”
“If the practical risk tolerance that the security teams are working to is below the control tolerance then such a reset is inevitable. If the control implementations are below the Control Tolerance but the Risk Tolerance would practically have allowed for less stifling control environments then such a reset will likely not only reduce the impact of stifling controls but also unnecessarily increase the overall risk tolerance and associated exposure to security risk. Ironically over-zealous security controls lead to a less well-secured environment.”
Cloudflare has just announced an interesting and potential game changer for IoT-based threats:
“Orbit sits one layer before the device and provides a shield of security, so even if the device is running past its operating system’s expiration date, Cloudflare protects it from exploits. And while devices may be seldom patched, the Cloudflare security team is shipping code every day, adding new firewall rules to Cloudflare’s edge. Think of it like changing IoT to I*oT — devices can still access the Internet, but only after passing through Cloudflare where malicious requests can be filtered.
For the last year, Cloudflare has been working with a number of IoT vendors to develop Orbit. Already more than 120 million IoT devices are safer behind Cloudflare’s network. Lockitron is one of the IoT companies using Cloudflare. “Keeping our products and customers secure is our primary concern,” says Paul Gerhardt, co-founder of Lockitron. “Cloudflare provides an extra layer of security that allows us to keep our devices continually updated and ahead of any vulnerabilities.””