Fox Red Risk
The Cyber Security and Data Protection Consultancy
Category: Operational Resilience Blog
Category: Operational Resilience Blog
P&O – What’s in a Name: A Case Study in Brand Risk
What’s in a company name. Quite a lot. It’s a key part of an organisation’s brand. It’s how customers identify an organisation. A company’s name is sacrosanct! Organisations want their customers to think positively about their name. They want their customers to tell their friends positive things about their experiences with their brand. What organisations
Read More
ISO 27001:2022 – Information Classification – Is it now time for #ABIC
Information Classification (IC) is core to an effective security programme. After Asset Management, it’s probably the most important component of an Information Security Management System. For those already certified to the current version of 27001, your old information classification system is likely to need a revamp. The new 27002:2022 control guidelines have been updated to reflect
Read More
2022 – Business Leaders don’t need our security predictions, they need these recommendations!
It’s the beginning of the year and some bright spark in the marketing department has an idea for recycling last year’s lead-generating article. Even though none of last year’s predictions actually came true, how about we make some new predictions about what is going to happen in 2022. We can then show how our suite
Read More
What would WW3 look like if it started now? – Thinking the unthinkable to aid better Risk Management.
When managing risk it’s easy to dismiss certain events from happening because they seem too far removed from our perceived reality. The reality is however that our perception of what we think is far from reality can be vastly skewed. Humans tend to underestimate the likelihood of certain events occurring. For example, the risk of
Read More
Business Leaders: Ransomware is actually all-around at Christmas!
It seems to me that ransomware is everywhere. More often than not, it’s particularly undignified and highly newsworthy, but it’s always there: headquarters and subsidiaries, major organisations and SMEs, charities and financial services, logistics, aviation, ransomware is our old friend. When ransomware hits a company without good security, as far as I know, none of the phone
Read More
Know your enemy and yourself: MITRE ATT&CK and D3FEND
Sun Tzu, wrote in the Art of War: “If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in
Read MoreCalling time on time-based billing – use service-based billing if you want to save £££
When pitching for consultancy work, many of our clients are [initially] surprised we at Fox Red Risk do not price any of our services based on a daily rate model. It seems the majority of consulting organisations, small and large, price their jobs based on some form of time-based billing. This billing approach may be
Read More
The Black Swan Fallacy: Why a failure of imagination is irrelevant to Resilience Planning
Every time there is a major incident, whether it be a global pandemic or a natural disaster. Whether it be an IT Outage or a bout of unseasonably hot or cold weather, the rallying cry of those trying to defend the paucity of their response to the unfolding events is now cliche: “We never thought
Read More
Denial of Suez: What can we learn about risk assessing SPOF?
Single points of failure (SPOF) creep into many business processes. Often unintentionally. Some exist from the outset but were simply not assessed, or were assessed and deemed low risk. That legacy server running a critical piece of code wasn’t legacy at the beginning. That retiring SME, the one who wrote the code, had just started.
Read More
We need to talk about Information Security Policy…
I’m sure you’re already well on the way to planning your 2021…what it’s December already? Yup, the annus horribilis that is 2020 is coming to an end. With multiple vaccines in the pipeline, 2021 should [hopefully] be a year where we can get things back to normal. Well, a new normal! Whilst 2020 has placed a number of restrictions
Read More