How do you manage your #InfoSec #CyberSecurity #Privacy #Policy #Security news intake?

I’m in the process of reevaluating my news feeds. The method is much the same as evaluating Cyber Security threat intelligence feeds. Is it:

  • Timely?
  • Accurate?
  • Actionable?
  • Updated?
  • Adding value?

I categorize my information intake in several ways:

  • News
  • Analysis, Editorial & Opinion (most blogs, podcasts, and personal social media feeds)
  • Technical
  • Press releases

With all of this, I find myself overwhelmed with data. Much is redundant and not adding value. Some adds value but isn’t timely. Some opinion is fopped of as news. Branded content permeates.

What sources do you use? How to you consume them? How do you value them?

Cybersecurity in the 2017 National Security Strategy

Cybersecurity in the 2017 National Security Strategy:

The administration should be given relatively high marks for the document’s cybersecurity components—especially for recognizing the breadth of the threat and that it’s going to take more than the help desk to fix it. Admittedly, that’s a pretty low bar. But National Security Strategy documents are not known as documents where big policy innovation occurs. Instead, the best you can usually do is articulate the broad contours of the main threats to national security coupled with some rough themes about what the government will do to make things better. Here, the administration does not isolate “the cyber” to the sidelines; instead, by talking about cyber issues throughout the document, the administration shows an understanding that cyberspace is a critical part to practically every aspect of national security.

(Via Lawfare – Hard National Security Choices)

I haven’t yet had the time to read the National Security Strategy (NSS) for the US, but I have read quite a bit of the analysis (I’m okay with spoilers). The cited post above is one of the most comprehensive I’ve come across.

The two big take-aways are the surprise at the focus on cybersecurity, as talked about in the quote above, and the lack of even a mention about better protecting elections.