What does good look like? Part one

Part one: Preamble. In security we always hear the words “good practice”, “good security” and so on. But what does good mean? The GDPR uses the lovely phrase “Taking into account the nature, scope, context and purposes of processing as well as the risks of varying likelihood and […]

CISO: First 30 days

Intro: I have seen quite a few articles on what CISOs should concentrate on, so I am going to give you my opinion. So you have just landed a new role as CISO, so after induction (if you don’t have one, add it to the list of items to resolve) […]

Cost Effective Security

This article is about how security can be implemented in a cost-effective way that adds benefit to the business; however, it needs to be driven by the senior leadership of the organisation. This might come across as a bit of letting off steam and with that said and in the words […]

ISO27001

For organizations asking how to improve the quality of their services and products and consistently meet their customers’ expectations, ISO has an answer. Addressing numerous elements of quality management and containing some of ISO’s best-known standards, there’s the ISO 9000 family for quality and ISO27001 for security. Without an […]

Challenges That Cause CISOs to Fail

After a security certification exercise such as ISO27001 or PCI, everything goes quiet; there are no resources available to keep compliant. As a CISO I have had peers complain that leadership didn’t perceive that compliance frameworks like ISO, PCI, HIPAA, or NIST require maintenance after the fact. The challenges CISOs […]
