The role of the CISO and their reporting line remains a recurring topic of discussion amongst cyber security professionals. It is an increasingly serious source of concern in a world that is ever more “hyper connected”, where data is the real “fuel” the business burns on its journey towards digital transformation. A Group CISO often sits at the top, but what should their role be in such a context? And how can it be made to work?
Keep appointing pure technologists in CISO roles and you’ll never win
The WannaCry ransomware attack that affected so many large firms in May 2017 led to a number of animated...
Many risk management methodologies exist, yet it is not uncommon to come across large firms that still follow simplistic, dysfunctional or flawed practices today, in particular around operational risk management.
The main issue with many of those approaches is that they rest on a fundamental theoretical flaw, one that goes far beyond semantics: there is an abyss between managing “Risk” (broadly defined as “the effect of uncertainty on objectives”) and managing “risks” (individual events or scenarios that might have an undesirable outcome).
We are reaching a point in many large firms where true “innovation” in the cyber security space consists not in deploying the latest tools, but in going back to the governance drawing board.
You can’t implement brand consistency effectively without first establishing clear brand guidelines, and the same rule applies to Information Systems. Deploying information management systems without any guidance on how and when to use them is a surefire recipe for chaos.