We security practitioners recognize this approach to discussing cyber-risk as FUD — senselessly spreading fear, uncertainty and doubt. Aside from the factual presentation of vulnerabilities and exploits, the what-does-this-mean-to-me aspects of the presentation left much to be desired. But why let facts get in the way of a good scare?
Cyber-security is simply not good television drama. It never has been. Even movies using cyber-security as a sub-plot feature car chases and gun battles. As professionals, we need to call out the FUD for what it is, and present informed and accurate analyses of the threats to and vulnerabilities inherent in our critical information and technology infrastructure.
That takes critical thinking and empirical analysis. Help defeat senseless fear-mongering, and drive back the FUD monster wherever you find him.
John McCumber is a security and risk professional, and is the author of “Assessing and Managing Security Risk in IT Systems: A Structured Methodology,” from Auerbach Publications. If you have a comment or question for him, please e-mail John at: Cool_as_McCumber@cygnusb2b.com.