In most organizations you are constantly upgrading your security controls. This is for many reasons, including: • New threats induce higher risk exposure and require new forms of mitigation • New assets or business processes change the risk profile requiring better controls • Old controls, or wider mitigation frameworks, may have newly discovered flaws • Current controls might be harming organization agility or efficiency in the context of business goals • New legal, regulatory or c...| Risk and Cyber
Many well-known security incidents appear to have a common pattern. They are not the result of some awesome attacker capability to exploit some hitherto unknown vulnerability or to realize a risk from some combination of controls weakness not contemplated. Rather, a remarkably common pattern is that the control or controls that would have stopped the attack (or otherwise detected/contained it) were thought to be present and operational but for some reason were actually not - just when they were| Risk and Cyber
The highest-performing teams have one thing in common: psychological safety — the belief that you won’t be punished when you make a mistake. Studies show that psychological safety allows for taking moderate risks, speaking your mind, being creative, and sticking your neck out without fear of having it cut off — just the types of behavior that lead to market breakthroughs. So how can you increase psychological safety on your own team? First, approach conflict as a collaborator, not an ad...| Harvard Business Review