Category: CISO Blog

Nice CISOs MUST Retaliate!

Are you a CISO who doesn’t want to rock the boat? Maybe you feel that, to be collaborative, you need to let the business units just get on, because standing in their way will only lead to conflict and bad relationships, right? You just want to be seen as helpful…nice even? Well, Robert Axelrod’s seminal work…

Ordnung! How Rigid is your Approach to Governance?

In the research for my latest book (this new one is on leadership) I came across the German cultural philosophy of “Ordnung”. It appears to be a significant part of the German way of life. For the history buffs, it appears to originate with the German monk Martin Luther (not to be confused with Dr…

Securing the Digital Classroom: Why Teachers Must Embrace Multi-Factor Authentication (MFA)

In this digital age, the lines between the virtual and the real world are increasingly blurring. We’ve all heard tales of a friend who got hacked. Perhaps you’ve even been a victim yourself? As educators, navigating this digital world is hard enough without having to manage a cyber attack on top! Multi-Factor Authentication (MFA) is…

Comparing Security Return on Investment (ROI) – Without Maths*

Anyone who has operated at CISO level will know that the budget is finite, and usually small. Threats change constantly and the market of solutions keeps growing. Navigating this landscape requires a keen sense of prioritisation, a profound understanding of risk, and the ability to communicate value to leadership. It is not just…

Vulnerability Scanning – It’s not all about the High and Critical items!

Don’t blindly trust the output of automated scans. This article covers the key mistakes made when scanning for vulnerabilities.

Let’s Avoid a Cost-of-Hacking Crisis this Christmas!

Normally around this time of year, I pick a nice Christmas film and write a themed piece to remind the defenders that whilst they are playing the new Call of Duty, hackers from around the world might be playing on their corporate networks. This year is different: there are many people who are struggling this…

P&O – What’s in a Name: A Case Study in Brand Risk

What’s in a company name? Quite a lot. It’s a key part of an organisation’s brand. It’s how customers identify an organisation. A company’s name is sacrosanct! Organisations want their customers to think positively about their name. They want their customers to tell their friends positive things about their experiences with their brand. What organisations…

ISO 27001:2022 – Information Classification – Is it now time for #ABIC

Information Classification (IC) is core to an effective security programme. After Asset Management, it’s probably the most important component of an Information Security Management System. For those already certified to the current version of 27001, your old information classification system is likely to need a revamp. The new 27002:2022 control guidelines have been updated to reflect…

Security Awareness is Dead. Long Live Security Activism!

At the end of 2019, I wrote an article, “Security Awareness Dies – My 2020 Prediction”, in which I argued that the way organisations go about awareness training does not offer a great return on investment. The core message was that information security professionals should think about awareness differently. We need to take the opportunity that…

2022 – Business Leaders don’t need our security predictions, they need these recommendations!

It’s the beginning of the year and some bright spark in the marketing department has an idea for recycling last year’s lead-generating article. Even though none of last year’s predictions actually came true, how about we make some new predictions about what is going to happen in 2022? We can then show how our suite…