An approach to developing a better strategy in your cyber strategy.
Tag: cyber
What do we protect in Cybersecurity?
A short post comparing an information asset led approach to cybersecurity vs a critical service and customer-led approach.
Asset Management Measurement for Cyber
Some time ago I wrote about using the Goal-Question-Metric (GQM) method for identifying useful and organisationally relevant measurements in order to have a clear view of some aspect of security. Often we think about metrics in terms of engaging security colleagues, executives and the board. However, occasionally in distributed organisations,…
Serious Business?
Regulating cybersecurity, and data protection in general, is driven by two needs; to clearly explain the expectations that society has for the organisations that society is increasingly dependent on, to provide a mechanism for the unmanaged externalities to those organisations (the societal and personal harm from breaches) to be realised…
Invest in the CIO, before the CISO
I’ve written before about how IT delivery is a crucial limiting factor for cybersecurity outcomes and on how cyber hygiene is mostly not in the security teams control. I’ve come to realise that I also don’t think that IT delivery quality is in the IT teams control either. I recently…