Category: IT Security Central

As part of my new role, one of my first tasks has been to develop a cybersecurity strategy for the Health and Social Care sector. I was recently asked: “How…

Probability times Impact Graphs (PIGs), sometimes called a risk matrix, are endemic in security risk assessment and management. They were adopted decades ago and embedded within standards and practices. They’re…

Security culture remains an elusive amorphous ‘thing’ that we all aspire to improve but don’t really understand why or how. This is not unusual in organisations and institutions who try…

Previously I wrote about how I had implemented the simple quantitative analysis from Doug Hubbard’s book ‘How to measure anything in cybersecurity’ into javascript. When I wrote that code for…

I’ve recently been talking with some executives who bemoan the risk management in their organisations. They don’t trust the risks as they are presented and worry about putting their finite…

This was a busy week but once again the Open Security Summit proved why it is one of my favourite events on the security calendar. There is now a huge…

In these remote-first times I recently took part in a zoom conversation led by Henry Harrison at Garrison on the growing similarities between commercial and government cyber security. I was…

I was speaking with a peer recently about the value of bow-tie diagrams and how they allow you to separate controls from mitigations and it became obvious I was using…

This is the first installment of a three part series.. Over the next three installments, let’s work through the reality of the following questions in light of the recent Capital…

UWEBC INFORMATION TECHNOLOGY PEER GROUP MEETING  Value of IT: Using Metrics to Build a Narrative of IT’s Impact within the Enterprise  July 23, 2019     09:00 AM – 03:00…