From 1f5b682ccae12f676dcc3a88a023fd2de5d2772f Mon Sep 17 00:00:00 2001 From: John Benninghoff Date: Thu, 31 Oct 2024 17:51:18 -0500 Subject: [PATCH 1/5] Remove unused contribute page --- _config.yml | 1 - contribute.md | 7 ------- 2 files changed, 8 deletions(-) delete mode 100644 contribute.md diff --git a/_config.yml b/_config.yml index ccdda1b..77ae111 100644 --- a/_config.yml +++ b/_config.yml @@ -34,7 +34,6 @@ masthead_links: About: '/about/' Blog: '/' Resources: '/resources/' - Contribute: '/contribute/' Security Differently: '/security-differently/' Archive: '/archive/' diff --git a/contribute.md b/contribute.md deleted file mode 100644 index ed42fbc..0000000 --- a/contribute.md +++ /dev/null @@ -1,7 +0,0 @@ ---- -layout: page -title: Contribute ---- -If you'd like to contribute to this website, you can [fork](https://help.github.com/en/github/getting-started-with-github/fork-a-repo) the `https://github.com/information-safety/information-safety.github.io` [repository](https://github.com/information-safety/information-safety.github.io), add your content and and issue a [pull request](https://help.github.com/en/github/collaborating-with-issues-and-pull-requests/about-pull-requests). - -You can also join the [LinkedIn Group](https://www.linkedin.com/groups/8431965/). From 0a20b432fa51af2e7368340f6e303a6c1008982d Mon Sep 17 00:00:00 2001 From: John Benninghoff Date: Thu, 31 Oct 2024 18:01:44 -0500 Subject: [PATCH 2/5] Remove security-differently page --- _config.yml | 1 - security-differently.md | 41 ----------------------------------------- 2 files changed, 42 deletions(-) delete mode 100644 security-differently.md diff --git a/_config.yml b/_config.yml index 77ae111..941c85f 100644 --- a/_config.yml +++ b/_config.yml @@ -34,7 +34,6 @@ masthead_links: About: '/about/' Blog: '/' Resources: '/resources/' - Security Differently: '/security-differently/' Archive: '/archive/' # Disqus settings 
diff --git a/security-differently.md b/security-differently.md deleted file mode 100644 index 087d994..0000000 --- a/security-differently.md +++ /dev/null 
@@ -1,41 +0,0 @@ ---- -layout: page -title: What is Security Differently? ---- -Security Differently is a new evidence-based cybersecurity practice adapted from safety. By shifting the focus from preventing incidents to improving performance, security changes from a cost to an investment that can be measured directly. - -There are two core principles of Security Differently: - -- Instead of preventing bad outcomes and behaviors, promote good outcomes and behaviors (learning over compliance) -- Security is a shared responsibility (the security team doesn't create security) - -How does this work in practice? The table below highlights key differences between Traditional Cybersecurity and Security Differently: - -|Traditional Security|Security Differently| -|:-------------------|:-------------------| -|Large security team|Small or no security team| -|Success defined by absence of security incidents or breaches|Success defined by presence of security capacities (smaller attack surface, faster patching, MFA)| -|Directs how work is done|Supports work as done| -|Constrains performance|Improves performance| -|Security team is responsible for security|Security is a shared responsibility across the organization| -|Security is focused on compliance with external rules and regulations|Demonstrating security to outside stakeholders is a separate activity| -|CISO is blamed for a breach|Breaches are an opportunity for learning| -|Poor security engagement|High security engagement| -|Security creates controls, policies, and procedures to prevent mistakes|Security provides tools and environments to support security work| -|CISO has overall responsibility|CEO has overall responsibility| -|Security team creates security|Operations and Development create security| -|Training focused on awareness and compliance|Training focused on behaviors that promote security and learning| -|Security is a cost|Security is an investment| - -## Further Reading - -Blog posts on Security Differently, 
newest first: - -{% assign sd_posts = site.posts | where: "tags", "Security Differently" %} - From ad8ddb73f13f8f91de1bcffe6ab439a6923783d3 Mon Sep 17 00:00:00 2001 From: John Benninghoff Date: Thu, 31 Oct 2024 18:02:06 -0500 Subject: [PATCH 3/5] Add notice link to security-differently --- _config.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/_config.yml b/_config.yml index 941c85f..a821e0d 100644 --- a/_config.yml +++ b/_config.yml @@ -5,6 +5,9 @@ url: https://www.information-safety.org paginate: 3 baseurl: "" permalink: pretty +notice: > + Interested in applying lessons from safety to security? + Learn more at [security-differently.com](https://www.security-differently.com)! # Gems plugins: From 99a5dcc3b03d964119457e0ccf1af5f7d82d8f19 Mon Sep 17 00:00:00 2001 From: John Benninghoff Date: Thu, 31 Oct 2024 18:26:44 -0500 Subject: [PATCH 4/5] Remove reference to contribute page --- _posts/2015-11-20-information-safety-launch.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_posts/2015-11-20-information-safety-launch.md b/_posts/2015-11-20-information-safety-launch.md index 44842ee..aab68fa 100644 --- a/_posts/2015-11-20-information-safety-launch.md +++ b/_posts/2015-11-20-information-safety-launch.md 
@@ -7,4 +7,4 @@ comments: true --- Three years in the making, `information-safety.org` is finally launching. As I have studied and learned more about safety, I've become increasingly convinced that the Information Security world can benefit from safety risk management methods. I've started this site to both share what I'm learning and to invite others to join in the search. -We're hosted on [GitHub](https://github.com/information-safety), to encourage collaboration and continuous development. You can currently read more [about](/about/) information safety, peruse a collection of [resources](/resources/) on safety risk management, [contribute](/contribute/) directly to the website, or join the [LinkedIn group](https://www.linkedin.com/groups/8431965/). +We're hosted on [GitHub](https://github.com/information-safety), to encourage collaboration and continuous development. You can currently read more [about](/about/) information safety, peruse a collection of [resources](/resources/) on safety risk management, or join the [LinkedIn group](https://www.linkedin.com/groups/8431965/). From 50c189d9cea5bd1292c12f97d07082ee7e2faf8a Mon Sep 17 00:00:00 2001 From: John Benninghoff Date: Thu, 31 Oct 2024 18:27:09 -0500 Subject: [PATCH 5/5] Replace reference to security-differently page --- about.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/about.md b/about.md index 2c46181..ddea7b6 100644 --- a/about.md +++ b/about.md 
@@ -15,4 +15,4 @@ Information Safety is my personal blog focusing on adapting safety science to te ## Security Differently -[Security Differently](/security-differently/) adapts concepts from [Safety Differently](https://www.google.com/books/edition/Safety_Differently/KGDiEAAAQBAJ?hl=en) and [Safety-II](https://www.england.nhs.uk/signuptosafety/wp-content/uploads/sites/16/2015/10/safety-1-safety-2-whte-papr.pdf) to Cybersecurity. +[Security Differently]({% post_url 2023-10-31-security-differently %}) adapts concepts from [Safety Differently](https://www.google.com/books/edition/Safety_Differently/KGDiEAAAQBAJ?hl=en) and [Safety-II](https://www.england.nhs.uk/signuptosafety/wp-content/uploads/sites/16/2015/10/safety-1-safety-2-whte-papr.pdf) to Cybersecurity.
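Review bot: In [PATCH 1/5], deleting `contribute.md` together with the `Contribute: '/contribute/'` masthead entry leaves the `[contribute](/contribute/)` link in `_posts/2015-11-20-information-safety-launch.md` dangling until [PATCH 4/5] removes it. Squash 4/5 into 1/5, or move it ahead of the deletion, so that every commit in the series builds a site with no broken internal link.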
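Review bot: In [PATCH 2/5], deleting `security-differently.md` removes the `/security-differently/` URL outright, while `about.md` keeps linking to it until [PATCH 5/5]. Inbound links and bookmarks to that path will return 404 once this lands. Consider keeping a stub page at that permalink that points readers to the `2023-10-31-security-differently` post referenced in 5/5, and fold the `about.md` change into this commit so the link is never broken mid-series.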
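Review bot: In [PATCH 3/5], the new `notice:` value in `_config.yml` contains Markdown link syntax (`[security-differently.com](https://www.security-differently.com)`), and nothing in this series shows the template that prints it. Please confirm the layout passes `site.notice` through `markdownify`; otherwise the brackets and URL are rendered as literal text. The folded scalar `>` also keeps a trailing newline, so `>-` is the tidier choice if the value is placed inline in the page.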
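Review bot: In [PATCH 5/5], the `about.md` link now uses `{% post_url 2023-10-31-security-differently %}`, but no commit in this series adds or touches `_posts/2023-10-31-security-differently.md`. `post_url` fails the build when the named post cannot be found, so confirm the file exists on the target branch under exactly that date and slug before merging.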