Tag: security

Tag: security

Data Breach: 10% of affected businesses closed down in 2019…or did they…?
23/10/2019 CISO Blog, DPO Blog, Security Advisory Blog admin

I know there is a rush to get things out the door and I am very grateful for those who report on data breach stats but this article from Dark Reading piqued my interest: 10% of Small Businesses Breached Shut Down in 2019. Whenever I see a statistic like this I am always a little

Read More
Security KRI – Are the Management Team walking around naked?
15/10/2019 CISO Blog, Security Advisory Blog admin

Poorly defined security KRI or Key Risk Indicators can give your senior management team a false sense of security but is a fear of presenting a potentially negative picture akin to the Hans Christian Anderson tale, ‘The Emporer’s New Clothes’? In this fairytale two tailors promise their emperor a new suit and tell him that

Read More
Climate Change Solved: GDPR mitigates climate change risk!
01/10/2019 CISO Blog, DPO Blog, Security Advisory Blog admin

Whether you believe climate change is a real thing or not there is no arguing 16-year-old Greta Thunberg is making headlines. Her efforts to raise awareness about this key issue of our time are pretty impressive. Whilst some people don’t think climate change is real, as a person who believes in evidence-based decision-making, I am going to pin my colours

Read More
Securing small businesses – block ‘most’​ external cyber threats with these four low-cost controls
12/09/2019 CISO Blog, Security Advisory Blog admin

Securing small businesses is a different type of challenge to securing a larger organisation. Doing these four things could block most external cyber threats!

Read More
Security ROI: The only Board-level cybersecurity metric you’ll ever need.
04/09/2019 CISO Blog admin

if the CISO isn’t providing their Board with a security ROI figure, then it’s quite probable the organisation is spending too much on the wrong things.

Read More
CISO role: All C and no IA, the 33% CISOs failing their organisations!
23/08/2019 CISO Blog admin

In the last (maybe…) of my three-part CISO rant series (See Part One and Part Two if you want to catch up) I am going to wrap up with a rant about the 33% CISOs not giving their organisations of a full CISO role. These are the CISOs who think their role is solely about

Read More
CISO Reporting Line: Your CISO should not report to the CIO or the COO or the CFO…here’s my rant as to why it’s bad Joo Joo!
16/08/2019 CISO Blog admin

The CISO reporting line is to 1 of 2 roles. The CRO if the CRO sits on the senior management team. If no CRO, then CISO should report to CEO directly.

Read More
Are Organisations Getting their Pen Test BADLY Wrong?!
12/04/2018 CISO Blog, Security Advisory Blog admin

The whole point of penetration testing (pen testing) is to identify how vulnerable an organisation’s technology infrastructure is to attack. I suspect, however, anecdotally, that a lot of organisations have lost sight of this goal and are now opting for a; vendor-led, paint-by-numbers pen test consisting of maybe one of two high-profile Internet-facing applications. I’m not saying this is a systemic issue but from my observation over the last few years, it seems this approach to pen testing is pretty widespread and I think we desperately need a return to pen testing’s ethical hacking roots…

Read More