Cyber Resilience: Part Three What is Cyber Resilience?
Cyber Resilience is an organisation’s preparation for business disruption caused by cyber attacks; its ability to recover from these disruptions; and its systemic capability to adapt and grow from each...
Cyber Resilience: Part Four Companies’ Plans Must Include Both Resistance and...
Resistance to cyber attack is undoubtedly valuable and can produce effective outcomes. However, resistance is expensive and there is a law of diminishing returns on the investments made in resistance,...
Cyber Resilience: Part Five What next?
Cyber resistance clearly requires leadership and operational intervention from specialised cyber professionals. However, Cyber Resilience requires a broader institutional response that encompasses all...
Cyber Resilience: Part Six Recommended Reading
Here are the sources used when developing the thinking behind this blog series: ASIC; 2015; Report 429 Cyber resilience: Health Check; Australian Securities & Investments Commission Bodeau, D;...
Not so basic but definitely essential.
We keep talking about new shiny, and increasingly fragile, controls that will prevent attacks or fiendishly clever algorithms or AI to which we can outsource all that hard or fast thinking we’re not...
Do CISOs have a higher calling?
I believe the security profession is coming close to an inflection point. The growing dependence on technology in our increasingly digital societies, the systemic and personal harm that data breaches...
A change to the cyber risk landscape
On June 27th 2017 a cyber-attack called ‘NotPetya’ was launched against a large number of firms. The attack was notable for three reasons: it used a third-party software update mechanism to spread, it...
Don’t over think cyber risk
I have been overthinking cyber risk. I’ve been trying to build a reliable model that I could rely on to mechanise my risk assessments. I’ll continue to refine my ideas because I enjoy the intellectual...
Long tails and poverty lines; cyber risk in the supply chain
This week I’ve been attending the third cybersecurity roundtable hosted by the Institute of International Finance (IIF) at their 2018 IIF G20 Conference. The roundtable itself included a good...
What do we protect in Cybersecurity?
I’ve moved from the private sector back into the public sector, focusing on Health & Social Care. During my work, I am regularly reminded of the government security doctrine that was in effect when...