CEOs: How to avoid a cyber pay-cut

The Culture, Media and Sport Committee, appointed by the House of Commons, has produced a report on “Cyber Security: Protection of Personal Data Online”.

Recommendation 3 states: “To ensure this issue [cyber security] receives sufficient CEO attention before a crisis strikes, a portion of CEO compensation should be linked to effective cyber security”.


Cyber Essentials at UK MOD: the beginning of a critical mass?

The UK’s Cyber Essentials Scheme took a major step forward at the beginning of this year when the UK Ministry of Defence (MOD) mandated that its suppliers need to have obtained a Cyber Essentials certificate before they are able to undertake certain contracts.

This news has been coming for quite a while, but judging by some of the reaction to this mandating of Cyber Essentials, it appears to have caught some by surprise.

Governance must cover products too

One of the ongoing security debates is about how to get the board of directors engaged in the security of their businesses. The recent article “Ignorance on cyber security no longer an option for boards” is the latest in a long line of reports saying boards must do better. Two things struck me reading this particular article.

Simple Information Assurance Maturity Model

A few months back I was tasked by the Nexor Board to carry out a fresh review of the cyber threat to our business and the maturity of our risk mitigations. We’ve had ISO 27001 for many years across the business, and our audits all come up good, so I thought it should be easy. But how could I explain the results in a Board-friendly manner?
