RISK & CYBERSECURITY

Risk quantification, in any field, is not an end in itself. It exists to compel some action. That action might be to drive decisions or...

Not all risks are possible to fully mitigate in every context, so you need to record and manage those residual risks. These are often put...

The codebreaking and overall intelligence success of Bletchley Park in World War II is legendary. Ultra, along with broader Allied...

In most organizations you are constantly upgrading your security controls. This is for many reasons, including: New threats induce higher...

It can be irritating to receive e-mails from vendors during a time of crisis, like now, with the spin that their products can help. It is...

I have run organizations, large and small, local and remote, for many years. I have been the beneficiary (and victim) of many management...

In this coming decade there will be 5 major themes that differentiate great security programs, products, features and processes. These...

I've been thinking more about mega trends applied to risk, specifically operational risk (people, process, technology & external events)....

Everyone is deluged with approaches from product and service vendors, small and large. Even vendors struggle to keep track of who their...

It can be hard to effectively assess, with a suitable degree of rigor, the security of your suppliers, counter-parties or companies you...

The Bank of England has recently released a sequence of consultation papers, after an earlier discussion paper, laying out a framework...

It’s that time of year for all the predictions of what to expect for the next year, and now - the next decade. I’m generally not a fan of...