Managing Online Risk Chapter 10 Questions


These questions are to help you apply some of the concepts, best practices, and lessons learned from the content in each chapter. You can use them in individual reflection, or present them to your security team for group feedback and discussion.

If you haven’t bought the book yet, go to our “Buy the Book” tab.

The Future of Online Security

  1. Which thesis of the Pew Digital Life 2025 survey do you agree with (listed on page 239)? Which ones do you not agree with? Why or why not?
  2. As you review the four future scenarios of IT security on page 242 – Figure 10.1 – what are your initial thoughts? Can you see any or all of them being plausible, or are there other scenarios that may happen?
  3. How are you preparing your company’s IT security for the next decade of challenges?
  4. What are some of those challenges?
  5. Can you ever be prepared?

ASIS, ISSA, and Athens: 2014 National Cyber-Security Awareness Month Recap


As we delve into the security issues of protecting our identity online, I got the feeling that October was having an identity crisis of its own – it is known as Anti-Bullying Month, Breast Cancer Awareness Month, and National Cyber-Security Awareness Month to begin with. But it is also Adopt a Shelter Dog Month, Apple Jack Month, Cookie Month, International Drum Month, National Diabetes Month, National Pizza Month, National Popcorn Popping Month, Seafood Month, and National Sarcastic Month, among others. Not sure how many of those you celebrated, but here is my recap of some of the events I participated in for National Cyber-Security Awareness Month (#NCSAM).

From September 29 – October 2, ASIS International celebrated its 60th Annual Seminar and Exhibits Conference in Atlanta, Georgia. From the ASIS website: “ASIS International is the preeminent organization for security professionals, with more than 38,000 members worldwide. Founded in 1955, ASIS is dedicated to increasing the effectiveness and productivity of security professionals by developing educational programs and materials that address broad security interests.” In addition, ASIS administers three internationally accredited certifications: the Certified Protection Professional (CPP), Professional Certified Investigator (PCI), and the Physical Security Professional (PSP). I was not able to take in any of the seminars but had time to browse the exhibit hall(s) in between meetings. It seemed every security vendor was represented with displays, demos, literature, and giveaways, for those who like to collect security tech stress balls and pens. But among the throng there were some tidbits worth noting – I focused on the security publications and degree programs. As an author who has written about the security skills shortage, I am always on the lookout for how we are preparing the next generation of security professionals. A few that stood out for me were:

Next on my agenda was the Information Systems Security Association (ISSA) International Conference, held at the Disney World Contemporary Resort in Florida from October 22 – 23. I was honored to be asked to be the inaugural ISSA Women in Security SIG breakfast keynote. The title of my presentation was “Women and the Future of Security Leadership”, but it delved into a number of current, near and mid-term security challenges and how leadership can fill the gap. The handout is available below. Besides my presentation, I was able to attend two others. Here are some highlights from each:

DGonzalez_ISSA_WIS_2014 copy

  • Raj Goel gave a talk on “Panopticon” with a focus on the architecture of global surveillance. His basic premise is that of a cyber-civil rights activist. He believes any surveillance is suspect and did not hesitate to include Disney and the House of the Mouse as major culprits in league with the government and privacy saboteurs. He had some interesting examples of how far certain tactics can reach, but we had a little disagreement about balancing irrational panic and dealing with real threats that an organization can do something about.
  • The other session I attended was the ISSA WIS Lightning Talks with Samantha Menke, Anne Rogers, and Amber Shroader. All three of these highly successful security professionals and leaders took turns discussing the current state of security concerns, including mobile apps, digital forensics, the current threat-scape, the difference between fire inspectors and firemen, and growing concerns regarding the Internet of Things, including what may happen when these devices begin to be connected to each other. They offered fascinating insights as well as thought-provoking questions.

The last event was held at Athens Regional Library in Athens, Georgia, to celebrate National Cyber-Security Awareness Month (#NCSAM). I gave an author discussion regarding “online privacy, security and safety” on October 28. During the event a number of issues were explored with the participants:

  • The new world full of digital threats: breaches, hacks, social engineering and thefts, as well as “Online Risks”: reputational, operational and legal, plus “Consequences”: financial, penalties, loss of trust and loss of jobs.
  • Privacy, defined as “a person’s right to control access to his or her personal information.” “If you put it out there on social media, consider it public.” The information collected is as much as you give them; also consider the security of smart phones, tablets, cloud computing and passwords.
  • Identity theft: what to do if you are a victim of identity theft, with resources including the Federal Trade Commission (FTC) website and its consumer information. How to protect your online identity, and cyber bullying.
  • Last, cyber-bullying: the use of the Internet and related technologies, such as cell phones, to harm other people in a deliberate, repeated and hostile manner. Tips were shared for victims of cyber bullying, both personal and in the workplace.

You can download the PowerPoint below.


As you can see, it was a busy month, and there were tons of events focusing on cyber-security awareness. It is never too early to plan for NCSAM 2015 – contact us to organize an event in your area.


Chapter 10: The Future of Online Security Summary


The concluding chapter looks ahead to explore the future of information security and risk management. Four possible future scenarios are presented: growth, transformation, constraint, and collapse. Particular future concerns regarding specific technologies are then discussed, including the Internet of Things, drones, health and medical sensors, Big Data analysis systems for security intelligence, and privacy evolution.