In these remote-first times I recently took part in a zoom conversation led by Henry Harrison at Garrison on the growing similarities between commercial and government cyber security. I was joined by Russell Kempley, James Chappell and Bernard Parsons MBE. We ranged from the constraints of high-threat club government security…
Category: Security
Modern Security Risk Presentation
I was recently asked to present in a remote session at the ISC2 Thames Valley Chapter on Modern Security Risk. I’ve not presented remotely like this before but while it was unusual not having the audience visible to see their reactions it seemed to go very well. There were a…
What are Information Assets?
Many methods for analysing Information Security Risks use the term assets, information assets or business assets interchangeably. This is a common foundation of Information Security risk analysis often providing a guide to the business impact of a risk being realised in particular systems that hold or access these assets. The…
Asset Management Measurement for Cyber
Some time ago I wrote about using the Goal-Question-Metric (GQM) method for identifying useful and organisationally relevant measurements in order to have a clear view of some aspect of security. Often we think about metrics in terms of engaging security colleagues, executives and the board. However, occasionally in distributed organisations,…
Triage in Supply-Chain Cyber Risk Management
During my career, I have helped several firms design and operate supply chain cyber risk management (SCCRM) programmes. I have some ongoing concerns that I have posted about before about the industry focus on self-reported checklists of various quality. I also have some heightened concerns regarding the use of externally…