Ah, raising awareness. Well raising awareness properly, and by that I don’t mean doing some rudimentary tick box waste of time and energy. Where to start. Well, I’d advise you to think of it like marketing, because that is what it is! You’re trying to sell ideas; you’re trying to build engagement; you’re trying to … Continue reading Marketing security awareness
Security awareness isn’t something new. It is a means to educate the workforce, the front line of risk realisation and to create a culture where security behaviour marches triumphantly towards exemplary. This represents a fabulous opportunity to have a tangibly positive impact upon risk. However, in the real world, it is little more than a … Continue reading Outcome based awareness
For a while I have been toying with the idea of how we grow the maturity of our cyber capability across the UK. I say we as I think it is incumbent on us all to do such. And by ‘we’ I’m talking about individuals, teams, organisations, private and public sectors. A collective rethink, or … Continue reading Building a Cyber Security DNA
In too many organisations, cyber security is dislocated and siloed. Security chiefs need to take a more joined-up approach, but that is likely to mean a rethink of how the security team operates There is a common problem in the cyber security industry, something that holds many organisations back in their maturity. Quite simply, too … Continue reading Joining the dots to deliver effective cyber security
There is a certain fallacy in the world of cyber security. It has been there since day one and continues to thrive today. It is simply that controls work. In the main they don’t. For too long security teams have lived the lie that what they have delivered has been effective, but so often from … Continue reading Cyber Security……you’re doing it all wrong!