Opinions and advice for InfoSec professionals, managers and anyone in business who takes security seriously
There can be no security without data protection There can be no data protection without security Of course neither is true. These kind of click-baity absolutist positions are a pervasive internet blight […]
So you’ve found, sorted and mapped data, but can you implement required processing controls? #GDPR
Some time ago Jenny Radcliffe (internationally respected social engineering, people risk, and negotiations expert) asked me to be a guest on her new Human Factor podcast. I was delighted to accept. The result […]
82% of boards are concerned about cybersecurity… …and the UK Parliament think your CEO’s salary should be linked to your firm’s cybersecurity… …but who is really accountable? This June 14th CSO Online article says boards […]
In mid May we found out the Bank of Bangladesh lost a reported $81m when crooks managed to fraudulently redirect funds to shady recipients via the Swift international money transfer system. Then we […]
The first post called out fairly damning findings about the state of vendor security governance at most firms, and looked at the criticality of: Early engagement Doing triage Clarity about vendor selection […]
