Freddy Dezeure

Summary and conclusions of a workshop on strategic cyber metrics and board reporting, hosted by Eurocontrol,  16 September 2022.

The next level of the use of MITRE ATT&CK in an enterprise environment is what this session is about: linking threat informed defense with controls and control frameworks. This session will explore how to make sure relevant risks are mitigated in an effective and efficient manner and how to link this to controls and reporting.

This paper provides a concise overview of the results of the CSR study on digital autonomy and illustrates our strategic assessment framework by applying it in the field of artificial intelligence.

This paper presents an overview of the recommended approach for Boards when dealing with cyber risk, and of good starting points for Board cyber metrics. It is a complementary paper to one addressed to Chief Information Security Officers (CISOs) on how to best control, measure, and report cyber risk to their Boards and should be read in conjunction with that paper.

This paper presents actionable guidance for CISOs to report cyber risk and its context to their senior stakeholders, such as their Board. It describes methods that help CISOs engage in cyber risk management, communicate this effectively, and facilitate proper oversight. It is the outcome of a group of seasoned practitioners sharing their best practices in a CISO Metrics Working Group.

The Cyber Metrics Model shows building blocks and processes to collect cyber metrics, transform them into cyber risk and report them at Board level. 

Government and business community must make conscious choices when it comes to dependence on ICT products and services. This assessment framework, co-authored with Paul Timmers, supports taking appropriate measures to safeguard digital autonomy.

Digital autonomy is a topic of discussion at both national and European level. The Dutch Cyber ​​Security Council (CSR) commissioned an in-depth study of national digital autonomy. The report, co-authored with Paul Timmers, provides insights into the complex issue, illustrating it with examples and a novel assessment framework.

MITRE ATT&CK has become very popular. This presentation helps to put the framework into practice, using realistic examples, demonstrating available community tools and showing how to use analytics to identify adversarial techniques in your network. 

CISOs spend almost half of their time on compliance activities, addressing similar concerns but tailoring responses to slightly different requests. This presentation provides guidance to avoid duplication of efforts and to become more effective in managing cyber-risks, using mappings and implementing metrics. 

Summary and conclusions of a workshop on frameworks, mappings and metrics, hosted by Eurocontrol, 23 January 2020.

The MITRE ATT&CK framework has gained a lot of traction in the security community. This presentation provides an introduction to the framework at its use.

This guide explains how to comply with the GDPR while performing log management and analysis for the purpose of cybersecurity. 

This paper, co-authored with Lokke Moerel, summarizes the cyber risks in ports and provides concrete and pragmatic proposals to increase substantially the cyber maturity and resilience.

This presentation at Splunk .Conf 2017 explains the impact of GDPR on cybersecurity log file collection and goes through a breach investigation and response scenario.