82% of boards are concerned about cybersecurity… …and the UK Parliament think your CEO’s salary should be linked to your firm’s cybersecurity… …but who is really accountable? This June 14th CSO Online article says boards […]
Who is viewed as formal owner of your cybersecurity risks? A poll for anyone in any organisation. This isn’t asking who should be risk owner, it’s asking who the majority of staff think owns these risks. […]
Far too many do far too little to assess and govern 3rd-party security… it's time for that to change.
Lines Of Progress-Limiting Defence – Part 3 of a story of budget cuts, blamestorming, breaches and massive bumps in the road to mature security.
Defence (or Defense) In Depth – a phrase we both love to repeat and repeatedly critique. Perhaps it’s a word problem, not a sense problem…
Just like Schrödinger and his quantum feline, most companies are just making assumptions about the state of their cybersecurity risks.
When it comes to cyber, information, IT (or whatever you choose to prefix it with) security, where do you draw a compliant and cost-effective line? Where, between gold-plated and the status quo, is good enough?
Are you seriously going to ask your milkman the same security questions as your network hosting partner?
Of course not. But between those extremes, companies have a world of pain working out how much vendor and change assurance is enough…