RISK & CYBERSECURITY

In most organizations you are constantly upgrading your security controls. This is for many reasons, including: New threats induce higher risk exposure and r...

It can be irritating to receive e-mails from vendors during a time of crisis, like now, with the spin that their products can help. It is wrong, however, to ...

I have run organizations, large and small, local and remote, for many years. I have been the beneficiary (and victim) of many management and leadership appro...

In this coming decade there will be 5 major themes that differentiate great security programs, products, features and processes. These are different from ove...

I've been thinking more about mega trends applied to risk, specifically operational risk (people, process, technology & external events). Planning for these ...

Everyone is deluged with approaches from product and service vendors, small and large. Even vendors struggle to keep track of who their competitors are in an...

It can be hard to effectively assess, with a suitable degree of rigor, the security of your suppliers, counter-parties or companies you are about to invest i...

The Bank of England has recently released a sequence of consultation papers, after an earlier discussion paper, laying out a framework for operational resil...

It’s that time of year for all the predictions of what to expect for the next year, and now - the next decade. I’m generally not a fan of these - they’re eit...

For some reason, first at a TAG_Cyber event and then coincidentally at 2 other events, the question of what books security people should read to develop thei...

A critical measure of success for most security roles is the ability to influence. I’ve often found people think influence skills are innate - you have them ...

The management of insider threats is a complex and often under-thought process - people who work on it appreciate the subtlety and difficult trade-offs. Some...