Michael Chertoff Discusses How CISOs Must Focus on Risk Management, Not Risk Elimination
In a recent article from Security Magazine, the Honorable Michael Chertoff (Co-Founder and Executive Chairman of the Chertoff Group and U.S. Department of Homeland Security Secretary from 2005 to 2009) talks about how enterprises must focus on risk management rather than risk elimination. The number and sophistication of threat actors have increased, the scale of cyberattacks has grown, and the attack surface has widened. It’s impossible to eliminate every threat, but those threats can be managed.
Chertoff’s article examines the nature of current threat actors, how security should work like an immune system, how CISOs need to communicate their concerns to boards and management, and how IoT, AI, and changing international norms will affect us going forward. Chertoff also includes 10 Commandments of Cybersecurity.