Is It Worth the Time?

Brilliant. Requires no commentary. Just read and digest it.

Source here: xkcd: Is It Worth the Time?

Cloud Tech Sales: Emotional Intelligence and Emotional Influence

Think of emotional intelligence as empathy and understanding the emotional state of others and how to navigate the emotions. Awareness. Think of emotional influence as deftly using this information to your advantage. Emotional influence then becomes a powerful marketing technique that aims to persuade potential customers by appealing to their emotions rather than logical arguments. When it comes to selling cloud computing technologies, some common emotions that can be appealed to include:

1. Security: Many people are concerned about the security of their data and the risk of cyber attacks. By highlighting the robust security measures in place for cloud computing technologies, you can appeal to people's desire for peace of mind and protection.
2. Convenience: Cloud computing technologies offer convenience by allowing users to access their data and applications from anywhere, at any time. By emphasizing this convenience, you can appeal to people's desire for flexibility and ease of use.
3. Cost-effectiveness: For businesses, moving to the cloud can be a cost-effective way to reduce IT costs and improve efficiency. By highlighting these cost savings, you can appeal to people's desire to save money and be financially responsible.
4. Innovation: Cloud computing technologies can enable businesses to be more agile and innovative by providing access to the latest technologies and enabling them to scale quickly. By emphasizing the potential for innovation, you can appeal to people's desire to be at the cutting edge and stay ahead of the competition.

My wife and I became enthralled with the artful selling on a recent trip. She quickly googled to find an excellent article written by Jillian Ilao found on fitssmallbusiness.com titled "6 Emotional Selling Techniques to Drive Buying Decisions" 

Jillian powerfully concludes with this: 

How Effective is Emotional Selling & What are its Benefits?

Emotional selling is very effective in terms of revenue generation. Therefore, as part of your sales management process, you must train new sales reps on the emotion-based sales tactics most effective and appropriate for your products or services.

Some 70% of customers are likely to buy a product when an advertisement appeals to their emotions. They are also more likely to recommend brands they feel connected to, with 71% of customers recommending a brand based on emotional connection. Furthermore, brand loyalty also increases as 81% of emotionally engaged consumers say they enjoy giving back to a brand they are loyal to.

The importance of firmware security in cloud computing

Firmware is the low-level software that controls a device's hardware, and it is an important part of cloud computing systems. Firmware security is essential because it helps to protect against attacks that can compromise the integrity and availability of cloud computing systems.

One of the main risks of insecure firmware is the potential for attackers to gain unauthorized access to a system. For example, an attacker could exploit a vulnerability in the firmware to gain access to a device's network, allowing them to intercept data or launch further attacks. Insecure firmware can also make it easier for attackers to plant malware or backdoors, which can be used to maintain ongoing access to a system.

Firmware security is also important because firmware updates can introduce new vulnerabilities. If an organization fails to properly test and validate firmware updates, they may be introducing new vulnerabilities into their systems. This is particularly problematic in cloud computing environments, where multiple tenants may be sharing the same hardware.

To address these risks, it is important for organizations to implement robust firmware security measures. This can include performing regular security assessments to identify vulnerabilities, implementing robust change management processes for firmware updates, and implementing safeguards to prevent unauthorized access to firmware.

In addition to these measures, organizations should also consider using secure boot and trusted platform module (TPM) technologies to help ensure the integrity of their firmware. Secure boot helps to prevent unauthorized software from being run on a device, while TPM allows for the secure storage of cryptographic keys and other sensitive information. 

Firmware security is an important consideration for organizations that use cloud computing. By implementing robust firmware security measures, organizations can help to protect against attacks that can compromise the integrity and availability of their systems.

The evolution of the Lockheed Martin kill chain

The Lockheed Martin Kill Chain is a framework used to describe the stages of a cyber attack, from initial compromise to exfiltration of data. The concept of a kill chain has been around for decades, but the specific model developed by Lockheed Martin has become widely adopted in the cybersecurity industry.

The Lockheed Martin Kill Chain has evolved over time as the tactics and technologies used by attackers have changed. Initially, the focus was on traditional network attacks, but the rise of mobile devices and the Internet of Things has led to the inclusion of additional stages to cover these types of attacks.

The original Lockheed Martin Kill Chain consists of seven stages:

1. Reconnaissance: This is the first stage of the attack, where the attacker gathers information about the target. This may include researching the target's employees, network infrastructure, and potential vulnerabilities.
2. Weaponization: In this stage, the attacker creates a means of delivering the payload (e.g., malware or exploit) to the target.
3. Delivery: The payload is delivered to the target, usually via email or a malicious website.
4. Exploitation: The payload is executed, allowing the attacker to gain access to the target's system.
5. Installation: In this stage, the attacker installs any necessary tools or malware on the target's system to maintain control and access.
6. Command and control: The attacker establishes a means of communicating with the compromised system and issuing commands.
7. Actions on objectives: The attacker carries out their intended objectives, such as stealing data or disrupting services.

In addition to the seven core stages, the Lockheed Martin Kill Chain model also includes three additional stages that can occur before or after the core stages:

1. Pre-attack: This stage includes activities such as supply chain attacks or the insertion of hardware backdoors.
2. Post-attack: This stage includes activities such as data exfiltration and the destruction of evidence.
3. Reroute: This stage includes activities such as redirecting the attack to a different target or disrupting the kill chain.

The Lockheed Martin Kill Chain model is a valuable tool for understanding the different stages of a cyber attack and for identifying potential points of intervention. By understanding the different stages of the attack, organizations can implement targeted defenses and responses to mitigate the risk of a successful attack.

21 skills that will pay you forever

This was shared with me. Posting so that I remember this and share with others.

21 skills that will pay you forever 

1. Ability to sell and negotiate.
2. Ability to convey what you think and feel.
3. Ability to break a process down into smaller steps.
4. Ability to shut up, listen and learn from others.
5. Ability to adapt, improvise and overcome obstacles.
6. Ability to read, understand and memorize.
7. Ability to walk away.
8. Ability to manage time effectively.
9. Ability to stay positive and optimistic.
10. Ability to make decisions based on facts not based on emotions.
11. Ability to speak in front of large audience.
12. Ability to keep trying even after failure.
13. Ability to invest money on yourself.
14. Ability to take action regardless of your situation.
15. Ability to self-analysis.
16. Ability to learn how to learn.
17. Ability to understand what others feel.
18. Ability to remain consistent.
19. Ability to master your thoughts.
20. Ability to write words to persuade and influence others.
21. Ability to ask for help.

Most Requested Compliance Documents

Indicator of what’s important around the world.

Current: Monthly Selected Authority Documents - September, 2022 - Unified Compliance

Monthly Updates & History: Monthly Updates Archives - Unified Compliance

Top 10:

1. NIST CSF 1.1
2. CIS Controls, V8
3. ISO 27001-2013
4. EU General Data Protection Regulation (GDPR)
5. NIST SP 800-53 R5
6. Sarbanes-Oxley Act of 2002
7. PCI DSS v3.2.1
8. ISO/IEC 27701:2019
9. Cloud Controls Matrix, v4.0
10. ISO 27002 

Summary of All Data Breaches 2004-2022

The pictures speak for themselves. It's interesting..... Looking at the average data sensitivity for all records lost each year, ranked according to the simple scale below, you get this chart. 

Data source: World’s Biggest Data Breaches & Hacks — Information is Beautiful

Data sensitivity

1. Just email address/Online information
2 SSN/Personal details
3 Credit card information
4 Health & other personal records
5 Full details

By number of records lost

Putting it together

IT Audit Process: Identify blind spots & streamline operations

I created this to use as a backdrop for discussions around the IT audit process with a focus on identifying blind spots and streamlining operations.

Top Leadership Tips! XL Management Post

 I brought up the Tuckman model of team phases while coaching an OKR session for a new team. The purpose was to encourage them to anticipate - and perceive as normal - a little chaos and contention. 

A quick Google search later to send a funny video, and I ran across this excellent list. I copied it here and cleaned it up. 

TOP LEADERSHIP TIPS

1: Be familiar with the phases of Teamwork. Tuckman’s forming, storming, norming, and performing model.

2:.If you want good leaders to lead teams give them the tools to do it. Train and manage the process of leadership building.

3: If you want followers (team members) train them to work together – manage the process and monitor progress.

4: Support the process from the very top but be prepared to be lonely. Leading is often a lonely role – the buck stops with you.

5: Give each leader and each team identity to hold onto. A reason to be proud of membership and an acknowledgment of achievement.

6: Foster the identity to increase group/team cohesion. Leading and following are not always doom and gloom. Make business fun – work hard play hard.

7: Establish The Norms You Want. It is imperative to agree on the core norms setting ground rules to prevent problems later on.

8: Clearly define roles and responsibilities in order to establish boundaries and set expectations governing relationships.

9: Establish key group/team processes. Meetings, decisions, brainstorming, timekeeping, and problem-solving.

10: Everyone’s time is valuable. If you don’t expect your team to waste your time – don’t waste theirs. Give power to the team on the ground – trust in their judgment. They are the ones delivering the goods.

11: Truly great leaders have mastered courtesy along with being bold, courageous, dynamic, and visionary.

12: Communicate, communicate, communicate. But above all get to the point! Make sure you get the message out to your audience – don’t waffle. Do not leave people wondering what all the slides were about when there was only one point to be made. Leaders have a knack for cutting through the BS and simplifying the solution so that everybody can embrace it.

13: Don’t be afraid to give bad news. Every company has bad news – it makes the good news look better too.

14: If you want your team to be engaged, committed and good followers say thank you! You expect team members to be cohesive and achieve great things; when they do, thank them. As General Colin Powell (US Army retired) once said “Organization doesn't really accomplish anything.  Plans don't accomplish anything, either.  Theories of management don't much matter.  Endeavors succeed or fail because of the people involved.  Only by attracting the best people will you accomplish great deeds.”

15: Integrity counts. Neither your customer nor your team is wedded to you so they need to believe and trust in you.  

16. Never doubt your own vision – you are the leader, and you are expected to know all the answers until proven differently. And remember optimism multiplies if fostered.

17. Being responsible sometimes means pissing people off. It’s better to get the right thing done in the right way than to let your team believe that mediocrity is good enough. Keep looking below the surface – even when what is below may not be palatable.

18. Be happy with your team bringing problems and complaints as well as the good news. The day this stops either means they don’t care or have lost confidence in you.

19. Advisors have their place. But at the end of the day, it is your judgment that counts. Separate data from judgment and constantly reference your own hard-won insight.

20. Pick good followers for now and leaders for tomorrow. Formulate your list of criteria and be choosey who you work with. Make sure each person ticks most if not all of the key boxes. E.g. Intelligence, judgment, insight, loyalty, integrity, and a high-energy drive.

ASD-ISM Updated! September 2022

Just in case you missed it! Posting here for my own use.... 

Information Security Manual (ISM) | Cyber.gov.au

Download

Information Security Manual (September 2022) 2.59 MB .pdf

Information Security Manual (September 2022) 3.67 MB .docx

System Security Plan Annex Template (September 2022) 102.31 KB .xlsx

Cloud Controls Matrix Template (September 2022) 158.04 KB .xlsx

Download Everything: Information Security Manual (September 2022) 47.18 MB .zip