When it comes to cyber, information, IT (or whatever you choose to prefix it with) security, where do you draw a compliant and cost-effective line? Where, between gold-plated and the status quo, is good enough?
It looks entirely possible you will have ‘adequate’ security dictated by your insurers, so it is your job to understand the risk-based yardstick they’re using to define that.
With a dramatic increase in cyber security legislation and regulation brewing, how is that relationship with regulators going? Is it positive and productive or divisive and dictatorial?
The IoT – The terrifying creature from cyberspace. How much of the problem is FUD and how much is poor and rapid development of solutions? A balance to be struck in the interests of clarity.
Information security policies this week. Is yours all it’s cracked up to be and what security value is it adding for anyone except lawyers, regulators and auditors?
As some who follow me on Twitter know, I occasionally tweet a bite-size analogy. Sometimes with, sometimes without pics that cheer me up. A few folk have shown their appreciation by viewing, […]
How do you avoid the situation that Sony currently finds itself in? How do you accurately assess potential loss and the likelihood of that loss occurring to make good security decisions?
About half of internal audit’s key stakeholders do not believe that internal audit is either delivering the value it should or addressing the risks that matter.