The Emperor’s New Clothes: Why Compulsory CBTs and Phishing Tests Keep Failing
Cyber Security Management, Cyber Security, Cyber Security Assurance Matt Palmer Cyber Security Management, Cyber Security, Cyber Security Assurance Matt Palmer

The Emperor’s New Clothes: Why Compulsory CBTs and Phishing Tests Keep Failing

Most phishing training, and indeed most compulsory computer-based training (CBT) modules, are largely ineffective in reducing incidents - and are therefore a waste of time and resources.

Finally we have the data we need to challenge this, and find a better path to user awareness that may actually reduce the frequency and impact of cyber incidents.

Read More
Breaking Down Cybersecurity: The Real Meaning Behind the Jargon
Cyber Security, National Cyber Security & Resilience, Cyber Security Management, Cyber Security Assurance Matt Palmer Cyber Security, National Cyber Security & Resilience, Cyber Security Management, Cyber Security Assurance Matt Palmer

Breaking Down Cybersecurity: The Real Meaning Behind the Jargon

What really is cyber security and why doesn't the traditional CIA triad of confidentiality, integrity, and availability work?

And what's that got to do with footballs anyway?

I've written this simple breakdown of the five key cyber security terms - confidentiality, integrity, availability, authenticity and non-repudiation - with examples of what they mean in practice, and real life incidents illustrating what happens when they go wrong!

Read More
Why is Jersey introducing a new Cyber Security Law?
Cyber Security, National Cyber Security & Resilience Matt Palmer Cyber Security, National Cyber Security & Resilience Matt Palmer

Why is Jersey introducing a new Cyber Security Law?

under our proposed new Cyber Security Law, Jersey Cyber Security Centre (JCSC) will have no power to fine or penalise bad behaviour. We will have no power to insist, unless through adoption of our recommendations by an existing business or regulator. No power to name and shame those who don't do their bit. No power to investigate, to force compliance, or to require others to act.

We will in fact have one power, and one power only: the power to share information in confidence, and to have information shared in confidence with us.

And we will have one ability: the ability to help.

Here#s how it will work.

Read More
Featured
The Emperor’s New Clothes: Why Compulsory CBTs and Phishing Tests Keep Failing
The Emperor’s New Clothes: Why Compulsory CBTs and Phishing Tests Keep Failing
Lessons from the Titanic: when you don’t respond to a crisis
Lessons from the Titanic: when you don’t respond to a crisis
Introducing Guernsey Cyber Security Centre
Introducing Guernsey Cyber Security Centre
Is hacktivism ever acceptable?
Is hacktivism ever acceptable?
CSO30 award: thank you
CSO30 award: thank you
Introducing Incidentally: Why We Must Embrace Risk and Learn From Incidents
Introducing Incidentally: Why We Must Embrace Risk and Learn From Incidents
Breaking Down Cybersecurity: The Real Meaning Behind the Jargon
Breaking Down Cybersecurity: The Real Meaning Behind the Jargon
Applying agile principles to public sector change
Applying agile principles to public sector change
Why is Jersey introducing a new Cyber Security Law?
Why is Jersey introducing a new Cyber Security Law?
Challenging password dogma
Challenging password dogma