I’ve written before about how IT delivery is a crucial limiting factor for cybersecurity outcomes and on how cyber hygiene is mostly not in the security team’s control. I’ve come to realise that I also don’t think that IT delivery quality is in the IT team’s control either. I recently…
Tag: board
Talking Up Security
A keynote I gave to GDSCon 2017 on how security practitioners should engage with senior executives. Talking Up Security from Phil Huggins FBCS CITP
Cyber Resilience: Part Six Recommended Reading
Here are the sources used when developing the thinking behind this blog series:
Cyber Resilience: Part Four Companies’ Plans Must Include Both Resistance and Resilience
Resistance to cyber attack is undoubtedly valuable and can produce effective outcomes. However, resistance is expensive and there is a law of diminishing returns on the investments made in resistance. Moreover, because the preparations and mitigations employed in resisting attacks are often specific to particular, point-in-time threats, ongoing resistance is…
Cyber Resilience: Part Three What is Cyber Resilience?
Cyber Resilience is an organisation’s preparation for business disruption caused by cyber attacks; its ability to recover from these disruptions; and its systemic capability to adapt and grow from each attack it experiences. Cyber resilience requires that, while organisations strive to prevent incidents, they also understand their internal operating environments…