Tag: information security

Tag: information security

Morrisons NOT vicariously liable for employee data protection breach says UK Supreme Court
01/04/2020 CISO Blog, DPO Blog, Security Advisory Blog EditoratLarge

Firstly – This is legal information of general interest and does not constitute legal advice of any kind. On April 1, 2020, the UK Supreme Court today handed down their judgement in the case of WM Morrisons Supermarkets plc (Appellant) v Various Claimants (Respondent), case UKSC 2018/0213. The Supreme Court unanimously ruled that Morrisons were not

Read More
Cybersecurity Strategy – Organise to Operate
07/12/2019 CISO Blog, Security Advisory Blog EditoratLarge

Cybersecurity strategy is being “organised to operate”. A principle that is fundamental to developing an effective cybersecurity programme. Here’s why…

Read More
Security KRI – Are the Management Team walking around naked?
15/10/2019 CISO Blog, Security Advisory Blog EditoratLarge

Poorly defined security KRI or Key Risk Indicators can give your senior management team a false sense of security but is a fear of presenting a potentially negative picture akin to the Hans Christian Anderson tale, ‘The Emporer’s New Clothes’? In this fairytale two tailors promise their emperor a new suit and tell him that

Read More
Securing small businesses – block ‘most’​ external cyber threats with these four low-cost controls
12/09/2019 CISO Blog, Security Advisory Blog EditoratLarge

Securing small businesses is a different type of challenge to securing a larger organisation. Doing these four things could block most external cyber threats!

Read More
Security ROI: The only Board-level cybersecurity metric you’ll ever need.
04/09/2019 CISO Blog EditoratLarge

if the CISO isn’t providing their Board with a security ROI figure, then it’s quite probable the organisation is spending too much on the wrong things.

Read More
CISO role: All C and no IA, the 33% CISOs failing their organisations!
23/08/2019 CISO Blog, Operational Resilience Blog EditoratLarge

In the last (maybe…) of my three-part CISO rant series (See Part One and Part Two if you want to catch up) I am going to wrap up with a rant about the 33% CISOs not giving their organisations of a full CISO role. These are the CISOs who think their role is solely about

Read More
Security Strategy: If you want to run a SOC, you’re not ready to be a CISO
17/08/2019 CISO Blog EditoratLarge

A CISO is a strategic role, not an operational role – if you still want to run a Security Operations Centre (SOC) then (attitudinally at least) you’re not ready to be a CISO…here’s why…

Read More
CISO Reporting Line: Your CISO should not report to the CIO or the COO or the CFO…here’s my rant as to why it’s bad Joo Joo!
16/08/2019 CISO Blog, Security Advisory Blog EditoratLarge

The CISO reporting line is to 1 of 2 roles. The CRO if the CRO sits on the senior management team. If no CRO, then CISO should report to CEO directly.

Read More
Risk Management: Stop – you’re too controlling!!!
22/07/2019 CISO Blog, DPO Blog, Security Advisory Blog EditoratLarge

What appears to be a well-intended improvement to reduce risk being completely unused because it was poorly envisaged, poorly implemented, with the original control measure still to be decommissioned and so that control is still being used whilst the new control is to all intents and purposes gathering dust.

Read More
BeCyberSafe: Like Charity, Cyber-Security Begins at Home
03/07/2019 CISO Blog, Security Advisory Blog EditoratLarge

Should organisations do more to help their users protect themselves against cybercrime at home? Should an internal awareness programme include some key things users could do at home which would reduce the chances of their employees succumbing to a fraudster? Do awareness programmes raise awareness of the cybercrime problem but ultimately neglect to educate users

Read More