There Is No Such Thing As Information Security Risk
There is no such thing as Information Security risk. There are just business risks that have one or more security or IT related causes.
View ArticleThe Risk = Probability x Impact Equation Muddies Waters For InfoSec Risks
Ramblings on risk starting with John Pescatore and ending with comments from FAIR risk framework creator Jack Jones. This is a direct transcription of a discussion about risk management on LinkedIn...
View ArticleWhy Auditors Can Fail Security
About half of internal audit’s key stakeholders do not believe that internal audit is either delivering the value it should or addressing the risks that matter
View ArticleCyberSecurity Risk – The Unvarnished Truth (for Tripwire State of Security)
How do you avoid the situation that Sony currently finds its self in? How do you accurately assess potential loss and the likelihood of that loss occurring to make good security decisions?
View ArticleCyber Insurers Dictating Cybersecurity Standards?
It looks entirely possible you will have 'adequate' security dictated by your insurers, so it is your job to understand the risk based yardstick they're using to define that
View ArticleSchrödinger's Risk
Just like Schrödinger and his quantum feline, most companies are just making assumptions about the state of their cybersecurity risks.
View ArticleGDPR – The Compliance Conundrum
There is one question related to the General Data Protection Regulation that will arguably cause more ulcers than any other: How much is enough? In some portions of the GDPR ‘good’ is […]
View ArticleWhere and to whom does the GDPR apply?
Confirm whether you are in or out of scope of the #GDPR and ask yourself why that's important.
View ArticleData Protection, Security, and the GDPR: Myths and misconceptions #2
Welcome back! This is a shamefully delayed sequel to my first instalment of security themed GDPR thoughts: Data Protection, Security, and the GDPR: A fraught and fuzzy relationship. Here I look back […]
View Article