Cybersecurity spending is like roulette – too much left to chance. Is it time to re-inject the intelligence and level the risk playing field, by changing the game?
She-ra. Space hosting. Status Quo. The Usual Suspects. TEA and Taylor Swift… what I said and didn’t have time to say at BSides London.
Did you think you were a driving god when you first passed your test? Are you 100% compliant with the latest security standards? Could there be parallel lessons to apply to mitigating InfoSec risks?
When it comes to cyber, information, IT (or whatever you choose to prefix it with) security, where do you draw a compliant and cost-effective line? Where, between gold-plated and the status quo, is good enough?
Are you seriously going to ask your milkman the same security questions as your network hosting partner?
Of course not. But between those extremes, companies have a world of pain working out how much vendor and change assurance is enough…
The why, what, how and what next of security policies. Now with a riposte from Phil Huggins, who provoked this post and the linked articles by questioning the value of traditional written document sets.
With a dramatic increase in cyber security legislation and regulation brewing, how is that relationship with regulators going? Is it positive and productive or divisive and dictatorial?
…a potential provider that brags about how comprehensive their due diligence is doesn’t “get it”—it’s about ranking risks and targeting resources where they are needed.