CTOlabs

OODA: The consultancy inspired by the modern military’s greatest strategist

by

Are you in business to succeed? Do you compete to win? You very likely already know the importance of getting into the head of your competitors. Outthinking your competition is a strategic advantage.

The greatest model for fast decision in adversarial environments was articulated by Air Force Colonel John Boyd, a fighter pilot who expressed a dynamic loop he named OODA, for Observe, Orient, Decide and Act.

OODA is a model so critical to operational success in the modern world we named our consultancy after it. OODA helps our clients identify, manage, and respond to global risks and uncertainties while exploring emerging opportunities and developing robust and adaptive strategies for the future.

OODA is comprised of a unique team of international experts lead by co-founders Matt Devost and Bob Gourley. Matt and Bob have been collaborating for two decades on advanced technology, intelligence, and security issues.  Our team is capable of providing advanced intelligence and analysis, strategy and planning support, investment and due diligence, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.

OODA helps our clients identify, manage, and respond to global risks and uncertainties while exploring emerging opportunities and developing robust and adaptive strategies for the future. OODA provides services in the domains of Security, Technology and Opportunity. For more visit OODA.

Cybersecurity Best Practices

by

This list is from Crucial Point:

  1. Use a “framework” that will guide your action. Our favorite one is the NIST Cybersecurity Framework, but there are many. This framework will help guide your policies, procedures, contracting and incident response. The NIST framework divides actions you need into categories of: Identify, Protect, Detect, Respond, Recover.
  2. Work to know the threat. Knowing the cyber threat will help you more rapidly and economically adjust your defenses. We wrote a book to help you get a quick baseline on the threat (see TheCyberThreat.com). Since the threat is dynamic you need continuous information. Sign up for our daily ThreatBrief and our weekly Cyberwar and Cybersecurity Review.
  3. Think of your nightmare scenarios. Only you know your business and only you can really know what could go wrong if the worse happens. Use these nightmare scenarios to help determine what your most important data is, this is going to help prioritize your defensive actions.
  4. Encrypt your data. And back it up! Prioritize this protection on your most important data. This will help mitigate the risks of your nightmare scenarios.
  5. Ensure you and your team are patching operating systems and applications. This sounds so basic, and it is so basic. But it is too frequently overlooked and it gets companies hacked, again and again. So don’t just assume it is going on. Check it.
  6. Put multi-factor authentication in place for every employee, including on their use of cloud based services. Depending on your business model, you may need to do this for customers and suppliers too. This is very important for a good defense.
  7. Configure your DNS to make it harder on the bad guys. There are simple configuration changes you can put in place that will greatly reduce the risk of malicious code and privacy attacks. See DNS Configuration Tips Here.
  8. Configure your email to make it harder to be spoofed/phished. By using widely used configurations called DMARC you can significantly reduce the chance that your email will be spoofed and your partners or employees tricked because of you. Learn more about DMARC here.
  9. Use a password manager, at work and at home, and encourage every employee to do the same. Our recommendation: Dashlane.
  10. Block malicious code. This is easier said than done, but work to put a strategy in place that ensures only approved applications can be installed in your enterprise, and, even though anti-virus solutions are not comprehensive, ensure you have them in place and keep them up to date.
  11. Prepare for the worse. Know what your incident response plan is and make sure it is well documented and reviewed. Ensure it includes notification procedures.
  12. Design to detect and respond to breach. This means put monitoring in place and also use proper segmentation of your systems so an adversary has a harder time moving around.
  13. Ensure you are able to communicate with others in a way that cannot be monitored by criminals/hackers. This is important in day to day business and urgent in incident response. Our recommendation: Wickr.

Reducing digital risk requires far more than the list above. But this list will get you started on a good foundation for continued improvement and will help you make an immediate difference in your security posture. We would strongly encourage you to take advantage of a free consultation with one of our experts. To start that process, contact Crucial Point here.

The Cyber Threat: The site capturing the many resources of the book

by

The book The Cyber Threat has an online reference site by the same name designed to make it easy to click to any online reference mentioned in the book.

Sub sections include

  • Cybersecurity books, including the most reputable references for cyber defenders
  • Cyber threat intelligence references, with links to information and sources
  • Online references to defensive information that can accelerate your defensive moves

Find more at TheCyberThreat.com

 

CTOvision: Context for the enterprise technologist

by

CTOvision.com provides insights into what is coming next, helping enterprise technology professionals make sense of the rapidly changing world of IT.

The site writes about technology, with a focus on technology of relevance to enterprise technologists. The blog was founded by current editor and publisher Bob Gourley. Bob is also author of The Cyber Threat.

The premier CTOvision publication is a monthly technology review, sent to over 33,000 technology thought leaders. This monthly summarizes reporting from the blog as well as tech trends from the IT industry.

For deeper background on the changing environment the threat (and you) operate in, dive deep into Cloud ComputingArtificial IntelligenceMobilityBig DataRoboticsInternet of Things and Cybersecurity. Track those and more in the Things Cyber Tech Landscape.

 

Track The Emerging World of IoT With Things Cyber

by

Things Cyber provides insights into the rapidly changing world of the Internet of Things (IoT) and the many related tech trends driving us all forward.

Things Cyber reviews all the key components of the Tech Landscape, providing insights into Cyber Threats, succinct recommendations on Protecting Your Information, reviews  of the most interesting Tech Enabled Entertainment (including Sci-Fi), reviews of Books and Tech Gear,  and reviews of the best Tech Training. 

Computer security should be easy on users and this site shares insights into the world of security in ways directly relevant to all. Dive into cybersecurity in the Things Cyber Protect Yourself section.

For more see: ThingsCyber.com

Threat Intelligence Review Site

by

The Threat Intelligence Review is designed to do one and only one thing. It is a reference to the most useful providers of cyber threat intelligence.

There is also a place for you to submit new feeds.

That’s all!

To view the reference see: ThreatIntelligenceReview.com

Our Other Sites On The Net

by

The following is an overview of key Crucial Point LLC web properties:

Security

Tools

  • BobsDNS – How we manage our site registrations.