Tag: security as a service

Virtual CISO – Dispelling the Myths!
22/02/2020 CISO Blog, Security Advisory Blog EditoratLarge

The virtual CISO or virtual Chief Information Security Officer is a relatively new concept and with that comes a few misunderstandings of what the client actually gets (i.e. solid cybersecurity protection for your business). The word “virtual” probably doesn’t do us any favours but let’s look at some of the more common misconceptions about a

Securing small businesses – block ‘most’​ external cyber threats with these four low-cost controls
12/09/2019 CISO Blog, Security Advisory Blog EditoratLarge

Securing small businesses is a different type of challenge to securing a larger organisation. Doing these four things could block most external cyber threats!

Security ROI: The only Board-level cybersecurity metric you’ll ever need.
04/09/2019 CISO Blog EditoratLarge

If the CISO isn’t providing their Board with a security ROI figure, then it’s quite probable the organisation is spending too much on the wrong things.

CISO role: All C and no IA, the 33% of CISOs failing their organisations!
23/08/2019 CISO Blog, Operational Resilience Blog EditoratLarge

In the last (maybe…) of my three-part CISO rant series (see Part One and Part Two if you want to catch up) I am going to wrap up with a rant about the 33% of CISOs not giving their organisations a full CISO role. These are the CISOs who think their role is solely about

Security Strategy: If you want to run a SOC, you’re not ready to be a CISO
17/08/2019 CISO Blog EditoratLarge

A CISO is a strategic role, not an operational role – if you still want to run a Security Operations Centre (SOC) then (attitudinally at least) you’re not ready to be a CISO…here’s why…

CISO Reporting Line: Your CISO should not report to the CIO or the COO or the CFO…here’s my rant as to why it’s bad Joo Joo!
16/08/2019 CISO Blog, Security Advisory Blog EditoratLarge

The CISO reporting line should go to one of two roles: the CRO, if the CRO sits on the senior management team; if there is no CRO, the CISO should report directly to the CEO.

InfoSec CPE: If you pay for your infosec specialists’ membership fees why aren’t you reviewing their annual CPE transcripts?
28/07/2019 CISO Blog, DPO Blog, Security Advisory Blog EditoratLarge

I would strongly recommend periodically asking your staff for their current qualifications’ CPE transcripts. Not just your InfoSec or Risk specialists but all your specialists.

Risk Management: Stop – you’re too controlling!!!
22/07/2019 CISO Blog, DPO Blog, Security Advisory Blog EditoratLarge

A well-intended improvement meant to reduce risk ends up completely unused because it was poorly envisaged and poorly implemented; the original control measure has still not been decommissioned, so it is still the one being used, while the new control is, to all intents and purposes, gathering dust.

Are the big GDPR fines finally coming into land – and does it matter?
08/07/2019 CISO Blog, DPO Blog EditoratLarge

So what was my prediction? Well, based on previous major data breaches (such as the TalkTalk breach) I hypothesised that it seems to take the ICO around 12-18 months from a major incident occurring to the ICO carrying out an investigation and subsequently issuing a fine…and then of course the inevitable appeal wrangling for a reduction of the original fine amount. Therefore, if there were to be an in-scope breach on the 26th May 2018, it would likely be between May and November 2019 before a large fine would be finally agreed.

BeCyberSafe: Like Charity, Cyber-Security Begins at Home
03/07/2019 CISO Blog, Security Advisory Blog EditoratLarge

Should organisations do more to help their users protect themselves against cybercrime at home? Should an internal awareness programme include some key things users could do at home which would reduce the chances of their employees succumbing to a fraudster? Do awareness programmes raise awareness of the cybercrime problem but ultimately neglect to educate users
