The Risk Roundtable: EP 18. Security / Analytical Bias.
47 min

The Risk Roundtable crew looked at the increasingly important idea of security bias and security blindness. The group specifically looked at how bias in analysis can lead to security blindness and to the minimization and exaggeration of threats. Within the analytical community it is important to note that bias exists in virtually everything, and the team discussed ways in which bias can come from the analyst but also from those who receive the data. Andy, Jen and Dave discussed some of the root causes and how, if not handled correctly, this can lead to and continue a cycle of misinformation and disinformation. In fact, the more divisive our politics become, the more biased our media, and the more people (politicians, the media, foreign governments, and others) fan the flames of division, the more challenging the role of the analyst can become. In the end, all organizations are encouraged to have a discussion about bias to ensure they are accurately representing the threat and risk to the organization.

Next, the team looked at their roulette items (Dave even shared the theme song on demand!), reminding listeners of the Microsoft Exchange Vulnerability and to update their systems. In addition, as reopenings occur around the world in varying degrees, it is important that organizations review security plans and processes.

Items highlighted in the Podcast:

Health ISAC Spring Summit open to members and non-members: https://h-isac.org/summits/secured-in-paradise-spring-2021-summit/
Agenda: https://web.cvent.com/event/cd1e7b44-7e38-487b-bd1f-b4f39cc82a11/websitePage:645d57e4-75eb-4769-b2c0-f201a0bfc6ce

Troy Hunt on confirmation bias (a good read): https://www.troyhunt.com/lets-stop-the-5g-hysteria-understanding-hoaxes-and-disinformation-campaigns/

Additional information about the Microsoft Exchange Vulnerability:  

FortiOS Vulnerability: https://us-cert.cisa.gov/ncas/current-activity/2021/04/02/fbi-cisa-joint-advisory-exploitation-fortinet-fortios

CISA Cybersecurity Directives and Implementation Guidance Site: us-cert.cisa.gov

