My RSA Conference information security book of the month review for September 2019 is… Financial Cybersecurity Risk Management: Leadership Perspectives and Guidance for Systems and Institutions, by the very smart Paul Rohmeyer and Jennifer Bayuk.
Sutton’s law states that when diagnosing, one should first consider the obvious. It’s named after the infamous bank robber Willie Sutton, who, when asked why he robbed banks, replied: “because that’s where the money is”.
Whether Sutton actually said it is a separate discussion. One should first consider the obvious in pretty much every endeavor. When it comes to financial services firms, it is eminently clear that information security must be of extreme importance. In Financial Cybersecurity Risk Management: Leadership Perspectives and Guidance for Systems and Institutions, Rohmeyer and Bayuk draw on their extensive experience in the financial services sector and have written a pragmatic and actionable guide to making sure that information security gets done.
My full review is here on the RSA Conference web site.