Dan Raywood kindly invited me to participate in an Infosecurity Magazine webinar on the eve of GDPR Day. Like most of the data protection and privacy crew who were on the radio, […]
There can be no security without data protection. There can be no data protection without security. Of course neither is true. These kinds of click-baity absolutist positions are a pervasive internet blight […]
There is one question related to the General Data Protection Regulation that will arguably cause more ulcers than any other: How much is enough? In some portions of the GDPR ‘good’ is […]
Lessons learned along the way and plans to help you avoid FUD-provoked GDPR investment
82% of boards are concerned about cybersecurity… …and the UK Parliament think your CEO’s salary should be linked to your firm’s cybersecurity… …but who is really accountable? This June 14th CSO Online article says boards […]
Who is viewed as formal owner of your cybersecurity risks? A poll for anyone in any organisation. This isn’t asking who should be risk owner, it’s asking who the majority of staff think owns these risks. […]
Far too many do far too little to assess and govern 3rd party security…it’s time for that to change.
First of what may turn into a series of GRC day job related posts. Here I’m highlighting challenges for anyone involved with system security audits or assessments. This isn’t about merits of various […]