Welcome back! This is a shamefully delayed sequel to my first instalment of security-themed GDPR thoughts: Data Protection, Security, and the GDPR: A fraught and fuzzy relationship. Here I look back […]
Confirm whether you are in or out of scope of the #GDPR and ask yourself why that’s important.
There is one question related to the General Data Protection Regulation that will arguably cause more ulcers than any other: How much is enough? In some portions of the GDPR ‘good’ is […]
Just like Schrödinger and his quantum feline, most companies are just making assumptions about the state of their cybersecurity risks.
It looks entirely possible you will have ‘adequate’ security dictated by your insurers, so it is your job to understand the risk-based yardstick they’re using to define that
How do you avoid the situation that Sony currently finds itself in? How do you accurately assess potential loss and the likelihood of that loss occurring to make good security decisions?
About half of internal audit’s key stakeholders do not believe that internal audit is either delivering the value it should or addressing the risks that matter
Ramblings on risk starting with John Pescatore and ending with comments from FAIR risk framework creator Jack Jones. This is a direct transcription of a discussion about risk management on LinkedIn started […]