Ah, raising awareness. Well raising awareness properly, and by that I don’t mean doing some rudimentary tick box waste of time and energy. Where to start. Well, I’d advise you to think of it like marketing, because that is what it is! You’re trying to sell ideas; you’re trying to build engagement; you’re trying to … Continue reading Marketing security awareness
Security awareness isn’t something new. It is a means to educate the workforce, the front line of risk realisation and to create a culture where security behaviour marches triumphantly towards exemplary. This represents a fabulous opportunity to have a tangibly positive impact upon risk. However, in the real world, it is little more than a … Continue reading Outcome based awareness
In too many organisations, cyber security is dislocated and siloed. Security chiefs need to take a more joined-up approach, but that is likely to mean a rethink of how the security team operates There is a common problem in the cyber security industry, something that holds many organisations back in their maturity. Quite simply, too … Continue reading Joining the dots to deliver effective cyber security
There is a certain fallacy in the world of cyber security. It has been there since day one and continues to thrive today. It is simply that controls work. In the main they don’t. For too long security teams have lived the lie that what they have delivered has been effective, but so often from … Continue reading Cyber Security……you’re doing it all wrong!
It is very interesting to see the Equifax report. Most pertinently that they had processes, tools and policies in place, yet still succumbed in a big way. Risk materialised. A risk that, with what most would deem the basics, and probably more, should have largely been mitigated. Yet we have a serious problem in the … Continue reading How Equifax are you?