Home  |  About  |  Contact

Thursday, 12 Jun , 2014

Don’t Know What You Don’t Know? – For Information Security Buzz

Share this article

LinkedIn
A car crash of a cyber security sales pitch and a suggestion of a better way to win C-Level hearts and minds. Published by Information Security Buzz. An excerpt: Ever tried to sell someone on the value of a network monitoring or vulnerability scanning solution? Fun and games isn’t it.  Conversations typically go something like this:   […]

A car crash of a cyber security sales pitch and a suggestion of a better way to win C-Level hearts and minds. Published by Information Security Buzz. An excerpt:

shutterstock_1311207051
Ever tried to sell someone on the value of a network monitoring or vulnerability scanning solution? Fun and games isn’t it.  Conversations typically go something like this:
 
“Why do we need it?”
“Because we don’t know what we don’t know about network config issues, website vulnerabilities, software at risk, and attacks on the perimeter and internal network”
“Huh?”
“We need it to help protect us against cyber-attacks and minimise the risk that viruses will hurt us”
“Ohhhh, so it will stop cyber-attacks and viruses?”
“Ummm, no…”
You can read the full article here…

Data Protection, Security, and the GDPR: Myths and misconceptions #2

30 Aug

Welcome back! This is a shamefully delayed sequel to my first instalment of security themed GDPR thoughts: Data Protection, Security, and the GDPR: A fraught and fuzzy relationship. Here I look back again over my pre-privacy IT and InfoSec career to spot things likely...

Where and to whom does the GDPR apply?

26 Apr

Yeah, I doubted my sanity going at this one too, but here I am, because working out whether or not the GDPR would apply in different practical and geographical circumstances is proving harder than it really should...for everyone. This regulation has been my almost...

GDPR – You’ve analysed the gaps, but can you close them?

13 Oct

  There is a critical gap for most firms: An inability to interpret and leverage gap analysis, data discovery, and mapping output to actually implement technical data processing change. This article is about the challenges most large firms are facing when trying...

GDPR – The Compliance Conundrum

28 Jul

There is one question related to the General Data Protection Regulation that will arguably cause more ulcers than any other: How much is enough? In some portions of the GDPR 'good' is straightforward. In many others we are asked to respect principles of fairness and...

Opinion: The role of automated data discovery in a GDPR programme

15 Jun

Do you have any online profiles or posts featuring those 4 magic characters: G D P R? If so, whether you are a business decision maker, IT body, security body, charity boss, employed data protection pro, or job seeking data protection pro (less and less likely), you...

When Business Culture Eats Cybersecurity For Breakfast – Part One

30 Jul

A four-part story of budget cuts, blamestorming, breaches and massive bumps in the road to mature security. Wild Speculation & IT Transformation Do you remember Nick Leeson? On February 23rd 1995 he sent a fax telling bosses at Barings Bank he was ill and wanted...

Cyber Insurers Dictating Cybersecurity Standards?

2 Apr

A run down of the key challenges with choosing and using cyber insurance called out in the last few months. It looks entirely possible you will have 'adequate' security dictated by your insurers, so it is your job to understand the risk based yardstick they're using...

There Is No Such Thing As Information Security Risk

10 Oct

Having worked in IT and Information Security for 13 years, I've come to the conclusion that there is no such thing as information security risk. There are just business risks that have one or more security or IT related causes. There is a fundamental and persistent...

We welcome the Children’s Commissioner report “Who knows what about me?” which shows how children’s data is routinely collected online. The report points out that children are among the first to be ‘datafied’ from birth, including policy and practice in schools, and comments on the datafication of children in the education sector; school databases, classroom…read the full article on the Defend Digital Me blog

Read more

Children’s Comissioner on concerning use of school children’s data

13 Nov

We welcome the Children’s Commissioner report "Who knows what about me?" which shows how children’s data is routinely collected online. The report points out that children are among the first to be ‘datafied’ from birth, including policy and practice in schools, and...

The IT Asset Disposal Vicious Cycle

26 Sep

Most retired equipment is ground up for minimal financial and recycling return... ...that model is financially, environmentally, and socially unsustainable. The way we all do business is changing. Increasing numbers of staff work flexibly and use their own kit....