An approach to developing a better strategy in your cyber strategy.
Category: Management
What do we protect in Cybersecurity?
A short post comparing an information asset led approach to cybersecurity vs a critical service and customer-led approach.
Managing Identity Consciously
I had cause recently to participate in a workshop considering identity across an enterprise and I wanted to share some of my thinking which was unexpectedly useful. Identity is a slippery thing, it has real world hooks but in the digital world it can be many-faceted and complex. Both real…
Why I don’t like PIGs in Security Risk
Probability times Impact Graphs (PIGs), sometimes called a risk matrix, are endemic in security risk assessment and management. They were adopted decades ago and embedded within standards and practices. They’re still there and extensively used across the discipline despite the academic work since they were introduced which has shown that…
Security Folkways and Deliberate Security Culture
Security culture remains an elusive amorphous ‘thing’ that we all aspire to improve but don’t really understand why or how. This is not unusual in organisations and institutions who try to understand why the interactions and communication between the people who make the goals of the group happen take on…