Category: Operational Resilience Blog

Category: Operational Resilience Blog

Risk Management – It’s a bit like a hungry baby!
02/07/2020 CISO Blog, DPO Blog, Operational Resilience Blog, Security Advisory Blog EditoratLarge

First things first – I am no parenting expert! Up until very recently, I thought that when a baby cries, they need one of four things…cuddles, feeding, nappy change or medical attention. Now it is still true that when a baby cries they most likely need one [or more] of those things. It is also

Read More
Operation CYGNUS – Was the UK’s Coronavirus response a failure based in assumption…?
07/05/2020 CISO Blog, Operational Resilience Blog, Security Advisory Blog EditoratLarge

So much has been discussed about the Tier One Command Post Pandemic planning exercise of 2016. For those who haven’t been part of the discussion, the Public Health England, on behalf of the Department of Health delivered a pandemic planning exercise between 18 to 20 October 2016. The exercise was primarily aimed at assessing high-level

Read More
Coronavirus Load balancing – Understand it can’t be stopped. We’re just smoothing the peaks in demand.
14/03/2020 CISO Blog, Operational Resilience Blog, Security Advisory Blog EditoratLarge

Similar to the way your IT teams will be trying very hard to load balance the impact of all your extra remote working VPN connections, the government is trying to load balance the impact on the health service and the economy…keep calm and read on!

Read More
Calculating Risk – Where’s your Confidence?!
05/03/2020 CISO Blog, DPO Blog, Operational Resilience Blog, Security Advisory Blog EditoratLarge

When helping organisations navigate risk management Fox Red Risk is often faced with the task of determining methods for calculating risk. We prefer to use tried and tested methodologies but what we often find is that organisations, very rarely, are calculating risk properly. A key thing missing from the majority of implementation we see is

Read More
Asset Discovery for Cybersecurity & Data Protection – You can’t protect it if you don’t know it exists!
03/02/2020 CISO Blog, DPO Blog, Operational Resilience Blog, Security Advisory Blog EditoratLarge

There is an old management adage that what isn’t measured isn’t managed. It’s so true. Something similar applies to cybersecurity. If you don’t know an asset exists, how on earth can you protect that asset from a cyber-attack or data breach?! Asset Discovery is the number one exercise a new CISO (or Virtual CISO) should

Read More
Processor Contract – How Data Processors can inadvertently become Controllers…and why it matters!
27/01/2020 DPO Blog, Operational Resilience Blog, Security Advisory Blog EditoratLarge

For those of you who deal with the wonderful document that is a data processor contract. Whether you’re on the Controller side or the Processor side, you will know there are quite a few hoops to jump through. This is because GDPR strengthened the requirements of a Controller-Processor relationship, outlined in Article 28. That said,

Read More
Supply Chain Resilience – Who are your Backup Suppliers?
13/01/2020 CISO Blog, DPO Blog, Operational Resilience Blog, Security Advisory Blog EditoratLarge

Is your supply chain resilience programme reminiscent of the article image? Aged, poorly maintained, complex, hard-to-untangle. Do you carry out due diligence at the beginning of your engagements? More importantly, do you carry out ongoing governance and oversight? Even more importantly, does supply chain resilience form part of your wider operational resilience strategy or business

Read More
Security Incident Avoidance – Hackers know we’re away for Christmas…
23/12/2019 CISO Blog, Operational Resilience Blog, Security Advisory Blog EditoratLarge

It’s that time of year where many of us will be ensuring our organisations can still deal with a security incident whilst most of the workforce are at home watching Christmas movies like Die Hard – yes, it’s definitely a Christmas Movie. Hackers know businesses are running on skeleton staff during the holiday period so

Read More
CISO role: All C and no IA, the 33% CISOs failing their organisations!
23/08/2019 CISO Blog, Operational Resilience Blog EditoratLarge

In the last (maybe…) of my three-part CISO rant series (See Part One and Part Two if you want to catch up) I am going to wrap up with a rant about the 33% CISOs not giving their organisations of a full CISO role. These are the CISOs who think their role is solely about

Read More