Tag: ciso

calculating risk

Calculating Risk – Where’s your Confidence?!

When helping organisations navigate risk management Fox Red Risk is often faced with the task of determining methods for calculating risk. We prefer to use tried and tested methodologies but what we often find is that organisations, very rarely, are calculating risk properly. A key thing missing from the majority of implementation we see is…
Read more

virtual BCM - Fox Red Risk

Virtual CISO – Dispelling the Myths!

The virtual CISO or virtual Chief Information Security Officer is a relatively new concept and with that comes a few misunderstandings of what the client actually gets (i.e. solid cybersecurity protection for your business). The word “virtual” probably doesn’t do us any favours but let’s look at some of the more common misconceptions about a…
Read more

Cybersecurity Skills Gap

Cybersecurity Skills Gap – Who is doing the teaching…and who should provide the funding?

It seems like every other day there is yet another article highlighting the impending apocalypse of the cybersecurity skills gap. The articles often moan that it is the fault of the employer for wanting qualified personal (who knew) and then try to solve the problem essentially with the advice: Why not hire someone who wants…
Read more

asset discovery

Asset Discovery for Cybersecurity & Data Protection – You can’t protect it if you don’t know it exists!

There is an old management adage that what isn’t measured isn’t managed. It’s so true. Something similar applies to cybersecurity. If you don’t know an asset exists, how on earth can you protect that asset from a cyber-attack or data breach?! Asset Discovery is the number one exercise a new CISO (or Virtual CISO) should…
Read more

API Security

API Security – Are You Secure from OWASP 2019 Top 10?

Firstly, Happy New Year. 2020 is going to be an exciting year for Fox Red Risk. We have lots of cool new offerings in the pipeline to support businesses large and small in the thankless task of keeping secure. If you have resource gaps and need support, then let us know. Right, back to the…
Read more

security incident

Security Incident Avoidance – Hackers know we’re away for Christmas…

It’s that time of year where many of us will be ensuring our organisations can still deal with a security incident whilst most of the workforce are at home watching Christmas movies like Die Hard – yes, it’s definitely a Christmas Movie. Hackers know businesses are running on skeleton staff during the holiday period so…
Read more

security strategy

Strategy – Can a CISO learn from the 2019 General Election?

Security Strategy – What lessons can CISOs learn from the UK Gerneral Election 2019 when devising and delivering a security strategy? Here are three…

security awareness

Security Awareness Training Dies. My 2020 Prediction

My prediction is that 2020 will be the year security awareness training dies…and not before time…

Cybersecurity Strategy – Organise to Operate

Cybersecurity strategy is being “organised to operate”. A principle that is fundamental to developing an effective cybersecurity programme. Here’s why…

Security Audit - Low Hanging Fruit

Security Audit – Are you a ‘Quiddler’?

Are you a Quiddler? No, this is not some fanboi reference to Harry Potter (I’ll be honest I haven’t read one of the series, I’m a proper muggle!). Quiddling, however, is a very real problem in the world of Security Audit. If you want to know more, keep on reading. You could be one of…
Read more