The Culture, Media and Sport Committee, appointed by the House of Commons, has produced a report on “Cyber Security: Protection of Personal Data Online”.
Recommendation 3 states: “To ensure this issue [cyber security] receives sufficient CEO attention before a crisis strikes, a portion of CEO compensation should be linked to effective cyber security”.
Continue reading “CEOs: How to avoid a cyber pay-cut” →
The UK’s Cyber Essentials Scheme took a major step forward at the beginning of this year when the UK Ministry of Defence (MOD) mandated that its suppliers need to have obtained a Cyber Essentials certificate before they are able to undertake certain contracts.
This news has been coming for quite a while but judging by some reaction to this mandating of Cyber Essentials, it appears to have caught some by surprise. Continue reading “Cyber Essentials at UK MOD: the beginning of a critical mass?” →
One of the ongoing security debates is about how to get the board of directors engaged in the security of their businesses. The recent article “Ignorance on cyber security no longer an option for boards” is the latest in a long line of reports saying boards must do better. Two things struck me reading this particular article. Continue reading “Governance must cover products too” →
I had the pleasure of attending the SINET Global Cybersecurity Innovation Summit earlier this week. A very thought-provoking event, with some great speakers.
Continue reading “5 Observations on Moving the Cyber Industry Forward” →
A very welcome initiative from the UK Government. An option for company boards to consider in assessing how cyber streetwise they are is to use the free iPad app, NEXOR Quaestor, available in the App Store.
A few months back I was tasked by the Nexor Board to carry out a fresh review of the cyber threat to our business and the maturity of our risk mitigations. We’ve had ISO 27001 for many years across the business, and our audits all come up good, so I thought it should be easy. But how could I explain the results in a Board-friendly manner?
Continue reading “Simple Information Assurance Maturity Model” →