CEOs Will Be Personally Liable for Cyber-Physical Security Incidents by 2024

Digital attack attempts in industrial environments are on the rise. In February 2020, IBM X-Force reported that it had observed a 2,000% increase in the attempts by threat actors to target Industrial Control Systems (ICS) and Operational Technology (OT…

Plights of the Round Table – A Tale of Weighing Risk

Chapter 1. In an ornate boardroom, a group of executives gathered at a large round table for their annual strategic planning meeting. Morgan, the CEO, was surrounded by Lana, the VP of Sales; Susan, the CISO; Smith, the COO; and Barbara, Chief Complianc…

Modern Skills for Modern CISOs: Your Questions Answered

Sometimes your best intentions are thwarted by technology. That was the case when Thom Langford and I attempted to do a Q&A session after our webinar “Modern Skills for Modern CISOs.” Unfortunately, the session ended before we got the c…

The Language of Risk: Bridging the Disconnect between the C-Suite and Cyber Security Experts

With data breaches regularly marking the headlines, it is no surprise that digital threats constitute an increasingly significant concern for the C-Suite and cyber security experts. What is surprising, however, is that these two groups don’t seem…

Cybersecurity Hygiene: Not a Dirty Little Secret for Long

In October 2018, FICO (a consumer credit scoring specialist) began scoring the cybersecurity of companies based upon a scan of internet-facing vulnerabilities. FICO grades companies using the same scoring that is familiar from consumer credit. These me…

Cybersecurity Is Every Leader’s Job

Every organization is led by people who are responsible for setting the overall direction, establishing priorities, maintaining influence over organizational functions and mitigating risks. Given the wide range of organizational types across industry s…

Why You Need a Concrete Incident Response Plan (Not Strategy)

Recently, I had the privilege to be part of a four-person discussion panel at a security event in London where the topic was about incident response. The panel was hosted by another security professional, and over 50 professionals from the industry wer…

Security vs. Compliance: What’s the Difference?

Security and compliance are often said in the same breath as if they are two sides of the same coin, two members of the same team or two great tastes that go great together. As much as I would like to see auditors and developers (or Security Analysts) …

Redefining the Meaning of Operational Risk

The definition of “operational risk” is variable, but it generally covers the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. I, however, want to re-examine this general defin…

How Foundational Controls Can Be Used to Help Fight Back Against Digital Security Challenges

On 26 March, the UK government unveiled its Cyber Security Export Strategy. The Department for International Trade (DIT) created this strategy to help the United Kingdom capitalize on the world’s ever-evolving digital security market. In essence,…