Successful security teams are in a conversation with the rest of their organisation about managing security risk; unsuccessful teams are always in an argument. Security risk management has to be a conversation. No one individual or group can own or fully control this risk due to the complex, interdependent and…
Category: Security
No more Department of No
As organisations come to terms with the impact of digital transformation, there have been louder calls for security teams to stop being the Department of No. In general terms, this is a positive trend but there is a danger for security teams as the ‘shift left’ of digital transformation exposes…
A change to the cyber risk landscape
On June 27th 2017 a cyber-attack called ‘NotPetya’ was launched against a large number of firms. The attack was notable for three reasons; it used a third-party software update mechanism to spread, it was a geopolitically motivated destructive attack that caused extensive damage to uninvolved bystanders it used automated techniques…
Stifling, Suffocating, Security?
Security risk management requires balancing a number of stakeholders needs. The risk owners, ultimately a board of directors of an institution, set a risk appetite (whether implicitly or explicitly) , the business managers and leaders then seek to operate within that appetite to drive growth or deliver their mission. There…
Talking Up Security
A keynote I gave to GDSCon 2017 on how security practitioners should engage with senior executives. Talking Up Security from Phil Huggins FBCS CITP