From SC Magazine:

Cilluffo appeared at the RSA Conference on a panel to discuss the Solarium Commission. Fellow panelist Paul Rosenzweig, of the R Street Institute but not of the Commission, said his primary hope for legislation from the Solarium recommendations was for a Bureau of Cyber Statistics to aid in data-driven decision making.

“We can tell you qualitatively what we think works. We can talk about how it’s better to have passwords than not, or that two-factor authentication or multi-factor authentication is good. But we can’t tell you how good,” he said. “If I gave you $5 million, and said, ‘spend this on improving the security of an enterprise,’ the average CISO couldn’t actually put numbers to a proposal to decide whether or not to do threat hunting or better training of employees.”
