Introducing Incidentally: Why We Must Embrace Risk and Learn From Incidents

Progress demands risk, and incidents are inevitable. Based on 25 years of personal experience, Incidentally will explore the role of risk in driving success, particularly in cybersecurity, and how we can manage and learn from an incident or cyber crisis ... Read More
Breaking Down Cybersecurity: The Real Meaning Behind the Jargon

What really is cyber security and why doesn't the traditional CIA triad of confidentiality, integrity, and availability work? And what's that got to do with footballs anyway? I've written this simple breakdown of the five key cyber security terms - confidentiality, integrity, availability, authenticity and non-repudiation - with examples of ... Read More
Applying agile principles to public sector change

Shortly after 2001, I was one of many to sign the agile manifesto for software development. This document went on to start a global movement and change how technology change is done: from grandiose projects that often failed, to iterative change that often delivered. But agile principles can be applied ... Read More
Challenging password dogma

Most best practice advice on passwords is terrible. But why? This article explains which password advice should be followed and which advice is harmful, and shows you what a good password policy should contain ... Read More
10 steps to effective board leadership on cyber security

Boards and non-executive directors can lead from the front on cyber security and reduce risk for your organisation. Yet sometimes it is not easy to find a path forward to engage in a technical area. Here are 10 practice suggestions to take forward with your cyber security leader ... Read More
How to win Board support for your cyber security project

When Cyber Security Board Reports Fall Short

Reporting cyber security to the board involves a delicate balance. Cyber security technical details need to be turned into strategic plans that match the organization's risk tolerance and business goals. Here’s how it can go wrong, and what it takes to get it right ... Read More
Does moving to the cloud mean compromising on security?

Cloud security means multiple teams with a shared responsibility. The transition to cloud computing is an evolution that many organisations are still undertaking to improve efficiency, scalability, and flexibility in their operations. Cloud services offer recognised advantages, such as moving IT infrastructure costs to operating expenditure rather than capital expenditure, ... Read More
How to get fast board buy-in for your cyber security project

To experts, the business case for cyber security change programmes can seem clear as day — it can be hard to understand why rational business leaders may say no to investment. Yet they do. Here’s how to get a yes. Winning board support for cyber security projects is a critical challenge for ... Read More
Lessons from the MGM cyber attack

Post Incident Reviews
On September 12, 2023, MGM Resorts International experienced a cyber attack that resulted in them shutting down their systems. The investigation is ongoing, but crime groups Scattered Spider and ALPHV are believed to have used social engineering to hack into the company. What do we know now? And what can ... Read More
Project assurance skills and Prince 2 for IT auditors

Careers, Projects and Change
The challenge of IT Project Assurance. Project assurance can be a challenge; change programmes are notoriously complicated with many dependent parts contributing to an overall goal. Project managers often have a different view of success to their sponsors. Processes, governance, control and approach vary wildly. Controlling projects through effective change management ... Read More