On June 27th 2017 a cyber-attack called ‘NotPetya’ was launched against a large number of firms. The attack was notable for three reasons; it used a third-party software update mechanism to spread, it was a geopolitically motivated destructive attack that caused extensive damage to uninvolved bystanders it used automated techniques…
Tag: risk
Stifling, Suffocating, Security?
Security risk management requires balancing a number of stakeholders needs. The risk owners, ultimately a board of directors of an institution, set a risk appetite (whether implicitly or explicitly) , the business managers and leaders then seek to operate within that appetite to drive growth or deliver their mission. There…
Portfolios of Risk
I’ve been thinking, and worrying, about portfolio risk and especially cross-portfolio risk in federated environments. In federated environments or extended enterprises it is not unheard of for strong programme management to have a good clear view of the risks in their scope of activity and in some more effective enterprises…
Managing Insider Risk
A short presentation I gave to the July 2015 NED Forum on using the ‘Critical Pathway to Insider Risk’ to Manage Insider Risk. This was a very conversational event so the slides are even more terse than usual. I’ve removed a slide on my employers proprietary technology in this area. This…
Cyber’s Dirty Secret?
In 2011 the U.S. Securities and Exchange Commission (SEC) issued guidance on the disclosure of Cyber risks and Cyber incidents where they may significantly affect the risk of investing in the company reporting to the SEC. This was controversial at the time and has led to an interesting revelation recently; many of the biggest…