Category: Operational Resilience Blog

Vulnerability Scanning – It’s not all about the High and Critical items!
12/08/2022 CISO Blog, Operational Resilience Blog, Security Advisory Blog EditoratLarge

Don’t blindly trust the output of automated scans. This article talks about the key mistakes made when scanning for vulnerabilities.

P&O – What’s in a Name: A Case Study in Brand Risk
23/03/2022 CISO Blog, DPO Blog, Operational Resilience Blog, Security Advisory Blog EditoratLarge

What’s in a company name? Quite a lot. It’s a key part of an organisation’s brand. It’s how customers identify an organisation. A company’s name is sacrosanct! Organisations want their customers to think positively about their name. They want their customers to tell their friends positive things about their experiences with their brand. What organisations

ISO 27001:2022 – Information Classification – Is it now time for #ABIC
05/02/2022 CISO Blog, DPO Blog, Operational Resilience Blog, Security Advisory Blog EditoratLarge

Information Classification (IC) is core to an effective security programme. After Asset Management, it’s probably the most important component of an Information Security Management System. For those already certified to the current version of 27001, your old information classification system is likely to need a revamp. The new 27002:2022 control guidelines have been updated to reflect

2022 – Business Leaders don’t need our security predictions, they need these recommendations!
05/01/2022 CISO Blog, DPO Blog, Operational Resilience Blog, Security Advisory Blog EditoratLarge

It’s the beginning of the year and some bright spark in the marketing department has an idea for recycling last year’s lead-generating article. Even though none of last year’s predictions actually came true, how about we make some new predictions about what is going to happen in 2022. We can then show how our suite

What would WW3 look like if it started now? – Thinking the unthinkable to aid better Risk Management.
05/01/2022 CISO Blog, Operational Resilience Blog, Security Advisory Blog EditoratLarge

When managing risk it’s easy to dismiss certain events as impossible because they seem too far removed from our perceived reality. The reality, however, is that our perception of what is far from reality can be vastly skewed. Humans tend to underestimate the likelihood of certain events occurring. For example, the risk of

Business Leaders: Ransomware is actually all-around at Christmas!
10/12/2021 CISO Blog, Operational Resilience Blog, Security Advisory Blog EditoratLarge

It seems to me that ransomware is everywhere. More often than not, it’s particularly undignified and highly newsworthy, but it’s always there: headquarters and subsidiaries, major organisations and SMEs, charities and financial services, logistics, aviation, ransomware is our old friend. When ransomware hits a company without good security, as far as I know, none of the phone

Know your enemy and yourself: MITRE ATT&CK and D3FEND
28/10/2021 CISO Blog, Operational Resilience Blog, Security Advisory Blog EditoratLarge

Sun Tzu wrote in The Art of War: “If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in

Calling time on time-based billing – use service-based billing if you want to save £££
24/09/2021 CISO Blog, DPO Blog, Operational Resilience Blog, Security Advisory Blog EditoratLarge

When pitching for consultancy work, many of our clients are [initially] surprised we at Fox Red Risk do not price any of our services based on a daily rate model. It seems the majority of consulting organisations, small and large, price their jobs based on some form of time-based billing. This billing approach may be

The Black Swan Fallacy: Why a failure of imagination is irrelevant to Resilience Planning
29/03/2021 CISO Blog, Operational Resilience Blog EditoratLarge

Every time there is a major incident, whether it be a global pandemic or a natural disaster, an IT outage or a bout of unseasonably hot or cold weather, the rallying cry of those trying to defend the paucity of their response to the unfolding events is now cliché: “We never thought

Denial of Suez: What can we learn about risk assessing SPOF?
27/03/2021 CISO Blog, Operational Resilience Blog, Security Advisory Blog EditoratLarge

Single points of failure (SPOF) creep into many business processes, often unintentionally. Some exist from the outset but were simply not assessed, or were assessed and deemed low risk. That legacy server running a critical piece of code wasn’t legacy at the beginning. That retiring SME, the one who wrote the code, had just started.
