Paul McCartney wrote “The Long and Winding Road” while the Beatles were in the throes of dissent and months away from breaking up. Listening now to the song’s yearning lyrics and plaintive melody, is it possible that Sir Paul actually anticipated the NIST Cybersecurity Framework’s Recover function, and was imagining the category titled Recovery Planning?

If at first you don’t succeed, try, try again.” Although catchy, we all know that the real keys to success after failure are reflection and adaptation, not mere persistence.

It’s been nearly two years since we addressed cyber insurance in the Cyber Tactics column, so I decided to get an update from Bob Parisi, Managing Director at Marsh.

Mike Tyson notably said, “Everyone has a plan ‘till they get punched in the mouth.” So, how do you ensure the same doesn’t hold true for your company’s incident response plan when a real breach occurs?  Enter the NIST Framework category titled Mitigation.

Albert Einstein once observed, “Not everything that can be counted counts, and not everything that counts can be counted.”

Cybersecurity is out of control. Literally. 

A significant part of incident response involves communication.

We find ourselves in the middle of football season as we tackle the NIST Cybersecurity Framework’s “Respond” function.

It takes months for most computer intrusion victims to learn they were breached.  Unfortunately, the hackers get busy much sooner, often stealing data within days if not minutes.

To quote Shakespeare, “What’s in a name?”