Risk Management & Reporting

Cyber Crime Survival Tips for SMEs

It is widely acknowledged that all businesses can be victims of cyber crime, suffer data loss, get hit by ransomware or fall victim to some other form of cyber attack – the “when, not if” maxim in cyber security circles. However, for SMEs, facing up to this fact is difficult.


Cyber crime is still a challenge for company boards

For people who have been working in security for some time, there has been a noticeable evolution in how cyber crime risks are communicated to the board. It has gone through several phases: from initial disinterest, through necessary but begrudging acceptance, to a point where measurement of the state of key risk indicators is now actively sought.


Cyber crime: It’s happening to your suppliers

It is getting almost stale to warn about the need to assure security throughout the supply chain. Most businesses have had third-party assurance programmes in place for many years and are well versed in the challenges and struggles of the fight against cyber crime.


Cyber Crime: Measure your risks

It has been said that “If you can’t measure it, you can’t manage it” (Peter Drucker).

That may not apply universally (most rules have exceptions), but it is an interesting way to look at cyber crime; or, more accurately, at the ability to withstand and/or recover from a cyber crime attack.


Compliance and Risk – The Two-Step Dance Partners of Information Security

In a previous blog post we looked at how a security scorecard can be used to monitor your organisation’s compliance against a predefined set of controls, such as the Australian Cyber Security Centre’s (ACSC) recommended Essential Eight (E8). By selecting a security framework like E8 you have already made a risk management decision: you have acknowledged a set of risks against which you want to protect your enterprise. But don’t stop there. By routinely taking these measurements you can benchmark your security posture over time for continuous risk management and quality improvement purposes.
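The following scorecard helper is an added example written for this page; it is not code from the original post or from the ACSC. It assumes each of the eight E8 mitigation strategies is self-assessed at a maturity level from 0 to 3, that the overall level is the lowest level across all eight (the ACSC maturity model requires every strategy to reach a level before the organisation can claim it), and that two assessments are compared period-on-period. The control names used as keys and the two quarterly assessments are constructed sample data. The point it makes that the paragraph alone does not: a mean score can rise while the reportable maturity level stays flat and a control quietly regresses, so a scorecard for continuous risk management should report the minimum, the blocking controls and any regressions, not just an average.

```python
# Essential Eight maturity scorecard: added example, not code from the original post.
# Assumption: each of the eight mitigation strategies is scored at a maturity level
# from 0 to 3 per assessment, and the overall level is the lowest level across all
# eight. Control names and the sample assessments below are constructed.

E8_CONTROLS = (
    "application_control",
    "patch_applications",
    "configure_macro_settings",
    "user_application_hardening",
    "restrict_admin_privileges",
    "patch_operating_systems",
    "multi_factor_authentication",
    "regular_backups",
)


def validate(assessment: dict) -> None:
    """Reject scorecards that omit a control, add an unknown one, or use a bad level."""
    missing = set(E8_CONTROLS) - set(assessment)
    unknown = set(assessment) - set(E8_CONTROLS)
    if missing or unknown:
        raise ValueError(f"missing={sorted(missing)} unknown={sorted(unknown)}")
    for control, level in assessment.items():
        if not isinstance(level, int) or not 0 <= level <= 3:
            raise ValueError(f"{control}: maturity level must be an int 0-3, got {level!r}")


def overall_maturity(assessment: dict) -> int:
    """Overall E8 maturity level: the weakest control sets the level."""
    validate(assessment)
    return min(assessment[c] for c in E8_CONTROLS)


def mean_level(assessment: dict) -> float:
    """Arithmetic mean of the eight levels; included only to contrast with the minimum."""
    validate(assessment)
    return sum(assessment[c] for c in E8_CONTROLS) / len(E8_CONTROLS)


def blocking_controls(assessment: dict) -> list:
    """Controls sitting at the overall level, i.e. the ones holding the score down."""
    level = overall_maturity(assessment)
    return [c for c in E8_CONTROLS if assessment[c] == level]


def compare(previous: dict, current: dict) -> dict:
    """Period-on-period delta for continuous risk management reporting."""
    return {
        "overall": (overall_maturity(previous), overall_maturity(current)),
        "mean": (mean_level(previous), mean_level(current)),
        "improved": [c for c in E8_CONTROLS if current[c] > previous[c]],
        "regressed": [c for c in E8_CONTROLS if current[c] < previous[c]],
        "blocking": blocking_controls(current),
    }


# Constructed sample data: two consecutive quarterly self-assessments.
Q1 = {
    "application_control": 1, "patch_applications": 2, "configure_macro_settings": 2,
    "user_application_hardening": 1, "restrict_admin_privileges": 2,
    "patch_operating_systems": 2, "multi_factor_authentication": 1, "regular_backups": 3,
}
Q2 = {
    "application_control": 2, "patch_applications": 2, "configure_macro_settings": 3,
    "user_application_hardening": 2, "restrict_admin_privileges": 2,
    "patch_operating_systems": 2, "multi_factor_authentication": 1, "regular_backups": 2,
}

if __name__ == "__main__":
    report = compare(Q1, Q2)
    print(f"overall maturity: {report['overall'][0]} -> {report['overall'][1]}")
    print(f"mean level:       {report['mean'][0]:.2f} -> {report['mean'][1]:.2f}")
    print("improved:", ", ".join(report["improved"]) or "none")
    print("regressed:", ", ".join(report["regressed"]) or "none")
    print("blocking:", ", ".join(report["blocking"]))
```

On the constructed data the mean rises from 1.75 to 2.0 while the overall level stays at 1, held there by multi-factor authentication, and regular backups has slipped from 3 to 2. Reporting only the mean would show progress; reporting the minimum, the blocking control and the regression shows the board where the risk decision actually sits.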


Cyber Crime: Know your Exposure

After all the coverage that cyber crime gets, there is often still much uncertainty in the minds of business stakeholders about what the risk is, what their exposure to it might be, and what the impact would look like if they were affected.


Cyber Security Quotes: “Third-Party Risk Management Requires Continuous Insight”

Managing third-party cyber security risk, or “supply chain assurance”, is not a new topic; in fact we’ve discussed it before. The concept of ensuring your suppliers will protect their IT systems and the data that you exchange with them is no longer unreasonable. As Forrester says in the key takeaways of their recent research, “Third-Party Risk Management Requires Continuous Insight”, the quote in this post’s title.


Information Security Risk Management – Achieving better outcomes

Information security managers and CISOs often report that all risks are bad and need mitigation strategies. When communicating these strategies to business leaders, they present risks in a way that demonstrates a deep understanding of the technical challenges and adversaries the business faces. Yet they often overlook the fact that the person best placed to understand a risk, and to choose whether to accept or manage it, is the organisation’s CEO or board.

Let’s explore why CEO and board empathy is one of the most important attributes a CISO or security manager can have when explaining and presenting a strategy to manage information security risks.


Cyber Security Quotes: Messages from the front-line of cyber security, data protection and risk management

This post is one of a series looking at what we can learn from what is actually said by real people working on real problems in the cyber security industry (hence “cyber security quotes”). Below we consider the feedback, thoughts, opinions and views at the front line of cyber security – the things that are said by security operators and analysts who monitor and defend systems from attack and deal with incidents when they occur.
