Is hacktivism an acceptable choice?
CSO30 award: thank you
Introducing Incidentally: Why We Must Embrace Risk and Learn From Incidents
Progress demands risk, and incidents are inevitable. Based on 25 years of personal experience, Incidentally will explore the role of risk in driving success, particularly in cybersecurity, and how we can manage and learn from an incident or cyber crisis.
Breaking Down Cybersecurity: The Real Meaning Behind the Jargon
What really is cyber security and why doesn't the traditional CIA triad of confidentiality, integrity, and availability work?
And what's that got to do with footballs anyway?
I've written this simple breakdown of the five key cyber security terms - confidentiality, integrity, availability, authenticity and non-repudiation - with examples of what they mean in practice, and real life incidents illustrating what happens when they go wrong!
Applying agile principles to public sector change
Shortly after 2001, I was one of many to sign the agile manifesto for software development. This document went on to start a global movement and change how technology change is done: from grandiose projects that often failed, to iterative change that often delivered.
But agile principles can be applied in other fields too, perhaps nowhere more so than where people are most impacted: public services.
Why is Jersey introducing a new Cyber Security Law?
under our proposed new Cyber Security Law, Jersey Cyber Security Centre (JCSC) will have no power to fine or penalise bad behaviour. We will have no power to insist, unless through adoption of our recommendations by an existing business or regulator. No power to name and shame those who don't do their bit. No power to investigate, to force compliance, or to require others to act.
We will in fact have one power, and one power only: the power to share information in confidence, and to have information shared in confidence with us.
And we will have one ability: the ability to help.
Here#s how it will work.
Challenging password dogma
Most best practice advice on passwords is terrible. But why? This article explains which password advice should be followed and which advice is harmful, and shows you what a good password policy should contain.
10 steps to effective board leadership on cyber security
Boards and non executive directors can lead from the front on cyber security and reduce risk for your organisation. Yet sometimes it is not easy to find a path forward to engage in a technical area. Here are 10 practice suggestions to take forward with your cyber security leader.
When Cyber Security Board Reports Fall Short
Reporting cyber security to the board involves a delicate balance. Cyber security technical details need to be turned into strategic plans that match the organization's risk tolerance and business goals. Here’s how it can go wrong, and what it takes to get it right.