A short post comparing an information asset led approach to cybersecurity vs a critical service and customer-led approach.
Tag: management
Security Folkways and Deliberate Security Culture
Security culture remains an elusive amorphous ‘thing’ that we all aspire to improve but don’t really understand why or how. This is not unusual in organisations and institutions who try to understand why the interactions and communication between the people who make the goals of the group happen take on…
Invest in the CIO, before the CISO
I’ve written before about how IT delivery is a crucial limiting factor for cybersecurity outcomes and on how cyber hygiene is mostly not in the security teams control. I’ve come to realise that I also don’t think that IT delivery quality is in the IT teams control either. I recently…
Value of Security
The role of security in business is constantly up for debate, a growing movement in the UK around adopting some of Simon Wardley‘s approaches to strategy to a security strategy has started some interesting conversations again. For years security was seen as the department of no or the guys that…
Good security is a conversation, not an argument. Part One.
Successful security teams are in a conversation with the rest of their organisation about managing security risk; unsuccessful teams are always in an argument. Security risk management has to be a conversation. No one individual or group can own or fully control this risk due to the complex, interdependent and…