What is the number one Data Governance mistake?
Nine years ago, I wrote a report detailing what I believe to be some of the biggest mistakes you can...
Tagged: Governance
Cyber Security: The Operational Illusion
Security culture and governance eat tech for breakfast Looking back at what happened at ground level throughout the COVID crisis,...
Cyber Security and the Culture of Alienation
The COVID crisis is presenting most organisations with unprecedented situations, but it does not make cyber security less of a priority. On the contrary, cyber security – whether it is in support of remote working, e-commerce or digitalised supply chains – will be a pillar of the “new normal”. Now is the time to deal with it strategically, and from the top down.
“Good Security Governance” is not a Piece of Useless Consultant Jargon
For any organisation above a certain size, effective and efficient protection can only result from the layered application of protective measures at people, process and technology level. And in that order.
The Two Factors Killing GRC Practices
In many firms, the equation between Governance, Risk and Compliance around cyber security is becoming heavily weighted towards the G, and GRC functions must adjust as a result, both in terms of internal structures and in terms of interactions with other stakeholders.
Why are we still talking about the reporting line of the CISO?
Why are so many organisations and security professionals still worried about the reporting line of the CISO? This is one of the oldest and most consistent debate agitating the security industry, and it looks far from resolved. It has been polluted for decades by arbitrary and simplistic views on “separation of duties” and alleged “conflicts of interest”. But those views often come from sectors of the corporate spectrum with a fairly theoretical idea on how an organisation should operate, and rarely reflect the reality of how large organisations function.
