The Cyber Threat

Actionable Intelligence For Your Enterprise

OODA: Observe Orient Decide Act Faster Than Your Adversaries

OODA is the famous fast-paced decision-making model that emphasizes out-thinking your adversaries. First captured by Colonel John Boyd to articulate fighter pilot success models, it has been applied to international business, cyber security and just about any competitive environment.

Applying OODA methodologies to your business can help accelerate your products to market and help you beat the competition. This is especially important in the age of ubiquitous computing we all find ourselves in.

OODA is also the name of a new consultancy designed to optimize your actions.

The consultancy OODA helps clients identify, manage, and respond to global risks and uncertainties while exploring emerging opportunities and developing robust and adaptive strategies for the future.

OODA is comprised of a unique team of international experts lead by co-founders Matt Devost and Bob Gourley. Matt and Bob have been collaborating for two decades on advanced technology, intelligence, and security issues.  Our team is capable of providing advanced intelligence and analysis, strategy and planning support, investment and due diligence, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.

For more see: OODA.com

 

These Best Practices Will Stop 90% Of The Cyber Threat

The leadership of our consultancy Crucial Point have been working to enhance the security posture and mitigate cyber risks for over a decade, successfully operating across multiple sectors of the economy to help leaders thwart dynamic adversaries. In doing so we have found most businesses can take steps to raise defenses before calling in the experts.

The nine steps below, taken from the Crucial Point Best Cybersecurity Practices page, can help kickstart the defense of any firm.

These steps are:

  1. Use a “framework” that will guide your action. Our favorite one is the NIST Cybersecurity Framework, but there are many. This framework will help guide your policies, procedures, contracting and incident response.
  2. Work to know the threat. Knowing the cyber threat will help you more rapidly and economically adjust your defenses. We wrote a book to help you do this. Find it at: The Cyber Threat
  3. Think of your nightmare scenarios. Only you know your business and only you can really know what could go wrong if the worse happens. Use these nightmare scenarios to help determine what your most important data is, this is going to help prioritize your defensive actions.
  4. Ensure you and your team are patching operating systems and applications. This sounds so basic, and it is so basic. But it is too frequently overlooked and it gets companies hacked, again and again. So don’t just assume it is going on. Check it.
  5. Put multi-factor authentication in place for every employee. Depending on your business model, you may need to do this for customers and suppliers too. This is very important for a good defense.
  6. Block malicious code. This is easier said than done, but work to put a strategy in place that ensures only approved applications can be installed in your enterprise, and, even though anti-virus solutions are not comprehensive, ensure you have them in place and keep them up to date.
  7. Design to detect and respond to breach. This means put monitoring in place and also use proper segmentation of your systems so an adversary has a harder time moving around.
  8. Encrypt your data. And back it up!
  9. Prepare for the worse. Know what your incident response plan is and make sure it is well documented and reviewed. Ensure it includes notification procedures.

Those are just the first few steps. But please put them in place!  By following community best practices you can make an immediate difference in your own security posture. These are, for the most part, things you can do yourself for very little cost.

To accelerate your implementation of these best practices, or to independently verify and validate your security posture and receive detailed action plans for improvement, contact Crucial Point here and ask about our CISO-as-a-Service offering.

Threat References Threat Feeds Twitter News Feed Get The Book Other Great Cyber Threat Books Top Cyber Sites