
Black Swan Security

A blog about cybersecurity.

Tag: securitymanagement

January 8, 2022 (updated April 1, 2022), Phil

What do we protect in Cybersecurity?

Management, Resilience, Risk, Security

A short post comparing an information-asset-led approach to cybersecurity with a critical-service- and customer-led approach.

October 23, 2013 (updated April 1, 2022), Phil

Blueprint for Security in 2013

Management

I’ve worked with a number of organisations this year that have been refreshing or redesigning part or all of their security function. It’s brought into focus for me the tension between new security practices and organisational inertia. These have all been organisations that cared greatly about security and were in…

July 11, 2013 (updated April 1, 2022), Phil

Business Partner and Supply Chain Cyber Security

Management, Security

I’ve recently been involved in some strategic cyber security work in the UK financial services sector. The financial services sector is a complex and coupled system. While some components are clearly more important there are few components that are inconsequential if they cannot be relied upon. No financial services organisation…

July 4, 2012 (updated April 1, 2022), Phil

Alignment vs Compliance vs Certification

Management

I have had a series of conversations recently where the concepts of alignment, compliance and certification of ISO 27001 were very confused. Certification was seen as horribly costly and alignment was held out as a good enough goal that was entirely achievable. In this particular environment they were already ‘aligned’ and had…

January 5, 2012 (updated April 1, 2022), Phil

Security defect triage in delivery projects

Architecture

The guys at Recx asked me to look at a draft of their recent blog post ‘The Business v Security Bugs – Risk Management of Software Security Vulnerabilities by ISVs’ where they describe some of the business constraints and influences on security defect triage for Independent Software Vendors and make the…


If you would like to ask a question or comment on anything I have written here, please contact me via Twitter at @oracuk; if you can, please link back to the post in question in your tweet.

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 United States License.