Tag: cybersecurity

Tag: cybersecurity

Asset Discovery for Cybersecurity & Data Protection – You can’t protect it if you don’t know it exists!
03/02/2020 CISO Blog, DPO Blog, Operational Resilience Blog, Security Advisory Blog EditoratLarge

There is an old management adage that what isn’t measured isn’t managed. It’s so true. Something similar applies to cybersecurity. If you don’t know an asset exists, how on earth can you protect that asset from a cyber-attack or data breach?! Asset Discovery is the number one exercise a new CISO (or Virtual CISO) should

Read More
Security Incident Avoidance – Hackers know we’re away for Christmas…
23/12/2019 CISO Blog, Operational Resilience Blog, Security Advisory Blog EditoratLarge

It’s that time of year where many of us will be ensuring our organisations can still deal with a security incident whilst most of the workforce are at home watching Christmas movies like Die Hard – yes, it’s definitely a Christmas Movie. Hackers know businesses are running on skeleton staff during the holiday period so

Read More
Cybersecurity Strategy – Organise to Operate
07/12/2019 CISO Blog, Security Advisory Blog EditoratLarge

Cybersecurity strategy is being “organised to operate”. A principle that is fundamental to developing an effective cybersecurity programme. Here’s why…

Read More
Security KRI – Are the Management Team walking around naked?
15/10/2019 CISO Blog, Security Advisory Blog EditoratLarge

Poorly defined security KRI or Key Risk Indicators can give your senior management team a false sense of security but is a fear of presenting a potentially negative picture akin to the Hans Christian Anderson tale, ‘The Emporer’s New Clothes’? In this fairytale two tailors promise their emperor a new suit and tell him that

Read More
CISO role: All C and no IA, the 33% CISOs failing their organisations!
23/08/2019 CISO Blog, Operational Resilience Blog EditoratLarge

In the last (maybe…) of my three-part CISO rant series (See Part One and Part Two if you want to catch up) I am going to wrap up with a rant about the 33% CISOs not giving their organisations of a full CISO role. These are the CISOs who think their role is solely about

Read More
Security Strategy: If you want to run a SOC, you’re not ready to be a CISO
17/08/2019 CISO Blog EditoratLarge

A CISO is a strategic role, not an operational role – if you still want to run a Security Operations Centre (SOC) then (attitudinally at least) you’re not ready to be a CISO…here’s why…

Read More
CISO Reporting Line: Your CISO should not report to the CIO or the COO or the CFO…here’s my rant as to why it’s bad Joo Joo!
16/08/2019 CISO Blog, Security Advisory Blog EditoratLarge

The CISO reporting line is to 1 of 2 roles. The CRO if the CRO sits on the senior management team. If no CRO, then CISO should report to CEO directly.

Read More
Are the big GDPR fines finally coming into land – and does it matter?
08/07/2019 CISO Blog, DPO Blog EditoratLarge

So what was my prediction? Well, based on previous major data breaches (such as the TalkTalk breach) I hypothesised that, it seems to take the ICO around 12-18 months from a major incident occurring, to the ICO carrying out an investigation and subsequently issuing a fine…and then of course the inevitable appeal wrangling for reduction of the original fine amount. Therefore, if there were to be an in-scope breach on the 26th May 2018 it would likely be between May and November 2019 before a large fine would be finally agreed.

Read More