An old fashioned tale of reporting lines impacting effective communication, missing due diligence, disgruntled insiders, social engineering, technical risk blinkers, political incident response and risk owners not being armed with the information they need.
Wild Speculation & IT Transformation – A four-part story of budget cuts, blamestorming, breaches and massive bumps in the road to mature security.
It looks entirely possible you will have ‘adequate’ security dictated by your insurers, so it is your job to understand the risk based yardstick they’re using to define that
There is no such thing as Information Security risk. There are just business risks that have one or more security or IT related causes.
Mystifying online privacy policies, frenzied Facebook data harvests and the ‘right to be forgotten’. Can they work together and how easy is it for users and businesses to find the right side of the law?