Keep appointing pure technologists in CISO roles and you’ll never win
The Wannacry ransomware attack that affected so many large firms in May 2017 led to a number of animated...
There are many risk management methodologies in existence, but it is not uncommon to come across large firms that, even today, still follow simplistic, dysfunctional or flawed practices, in particular around operational risk management.
The main issue with many of those approaches is that they are plagued by a fundamental theoretical flaw, which goes far beyond semantics: there is an abyss between managing “Risk” (broadly defined as “the impact of uncertainty on objectives”) and managing “risks” (events or scenarios that might have an undesirable outcome).
We are coming to a point in many large firms where true “innovation” in the cyber security space does not consist of deploying the latest tools, but of going back to the governance drawing board.
You can’t effectively implement brand consistency without first establishing some clear brand guidelines, and the same rule applies to Information Systems. Deploying information management systems without any guidance on how and when to use them is a surefire recipe for chaos.