Orchestra's Blog

Vulnerability scanning, penetration testing and red teams are the main detective controls for residual cyber risk – i.e. the risk that remains given controls already in place. Vulnerability scanning...

Cybersecurity is moving away from using threats, vulnerabilities and exploits as the management metaphor towards risk-based cybersecurity management. Using risk terminology, penetration testing is a standard detective control used...

Lack of standard metrics to measure, manage and benchmark cyber risk limits security efficiency and effectiveness, making it difficult to prioritize and coordinate cyber defenses Single security truth from...

Organizations’ cyber security stack consist of 100-150 different disconnected point tools or technologies making it difficult to assess and act on the big picture. Organizations based their security operations...

In today’s modern world business needs are constantly shifting, IT and cyber risk landscape require a constant stream of attention and resources. CISOs role isn’t just about security, but...

ITIL (IT Infrastructure Library) is a set of detailed practices for IT service management (ITSM) that focuses on aligning IT services with the needs of business. ITIL is used by CIOs (especially...

I am a subscriber to the NIST cyber security framework school of thought. Even though it is officially called the “Framework for Improving Critical Infrastructure Cybersecurity” it isn’t just about securing...

A value-driven approach to cyber security would help businesses understand where to spend their cyber security budget, and how much to budget. One way to estimate how to spend...

Visibility is context. Analytics combine context with events. Policy translates that into a ”plan of action implemented by controls. Another way to put it is “Given” a context, “When”...

Cynefin is a sense making framework that divides problem response into simple, complicated and complex. The goal is choose the right response paradigm so that when a problem occurs the...

What is a Platform? The word “platform” even though it is used quite often, is a chameleon word – meaning different things in different contexts and to different people....

There are three business types that lend themselves to becoming a platform – infrastructure management businesses, product innovation and commercialization businesses, and customer relationship businesses [from John Hagel’s post...

Another option for starting a platform is a pure platform play, in essence, “let’s bet the bank that we guessed right approach”. This is an expensive approach since you...

The best way to create a platform combines an immediate solution approach with an emergent platform play. It requires a market ripe for a platform (see my earlier post...

Creating a platform is the embodiment of the chicken and egg problem. If there are no consumers – producers have no one to sell to. If there are no...