Poorly defined security KRI or Key Risk Indicators can give your senior management team a false sense of security but is a fear of presenting a potentially negative picture akin to the Hans Christian Anderson tale, ‘The Emporer’s New Clothes’? In this fairytale two tailors promise their emperor a new suit and tell him that…
Read more
Firstly, this is legal information about cookie consent, not legal advice… The judgement of the CJEU case C-673/17 is now doing the rounds and as one has come to expect when it comes to Data Protection recently, there is a lot of hot air and bluster about what the ruling means. Is this some form of paradigm shift in…
Read more
Whether you believe climate change is a real thing or not there is no arguing 16-year-old Greta Thunberg is making headlines. Her efforts to raise awareness about this key issue of our time are pretty impressive. Whilst some people don’t think climate change is real, as a person who believes in evidence-based decision-making, I am going to pin my colours…
Read more
Once an organisation understands the technical debt borrowed by its project managers the more likely projects will deliver the expected outcomes.
Securing small businesses is a different type of challenge to securing a larger organisation. Doing these four things could block most external cyber threats!
if the CISO isn’t providing their Board with a security ROI figure, then it’s quite probable the organisation is spending too much on the wrong things.
In the last (maybe…) of my three-part CISO rant series (See Part One and Part Two if you want to catch up) I am going to wrap up with a rant about the 33% CISOs not giving their organisations of a full CISO role. These are the CISOs who think their role is solely about…
Read more
A CISO is a strategic role, not an operational role – if you still want to run a Security Operations Centre (SOC) then (attitudinally at least) you’re not ready to be a CISO…here’s why…
The CISO reporting line is to 1 of 2 roles. The CRO if the CRO sits on the senior management team. If no CRO, then CISO should report to CEO directly.
I would strongly recommend periodically asking your staff for their current qualifications’ CPE transcripts. Not just your InfoSec or Risk specialists but all your specialists.
