How to introduce cyber security risk management to the business


If you haven’t already, then at some point you’ll need to have “the talk” with the business.

Introducing cyber security risk management to non-technical executives can be difficult, awkward and excruciatingly tiring. Unfortunately… the number one and arguably most important thing missing from most corporate cyber security risk management programs is senior leadership’s approval.

Continue reading…

Stop Doing Five Things and Convince Your Execs and Board to Properly Fund Cybersecurity

My first post on Infosec Island is live today and, more importantly, I’m one more step closer to my bucket list dream of being published in Wired! In it, I cover my thoughts on what cyber security professionals are doing wrong when they communicate to senior leadership and the board, and what they can do to fix it.

So check out my top 5 boardroom presentation hacks and find out how I somehow managed to make fun of stock clipart and work in references to War Games, The Matrix, Sneakers, Swordfish, Hackers, and The Net!

Continue reading on Infosec Island…

Who Owns Cyber Security Risk Management?

In light of the countless cyber incidents reported daily—including high-profile database breaches that have impacted millions of patients—the question of risk responsibility is more front and center than ever before. To date, there’s remained a troubling tendency to view cyber security as fundamentally different and separate from other organizational risks. Or, it’s simply viewed as an “IT problem” best left handled by those with the requisite experience and operational subject matter expertise.

Continue reading…

HIMSS Privacy and Security Forum Boston – Top Themes and Conference Recap

In healthcare, there can often be a disconnect between IT and executive leadership when it comes to prioritization of cybersecurity risk management. Finding ways to bridge this gap has been a prevailing theme at both this week’s HIMSS 2017 Conference and Exhibition and last quarter’s HIMSS Privacy and Security Forum.

Continue reading…

The Worst Time to Plan for a Breach? After One Has Already Occurred.

Your organization has been hit with a catastrophic ransomware attack. Most of the critical digital systems that your business needs in order to function—at the most basic level—are offline. Your CEO has received a ransom note demanding money. If no payment is sent, the attack will continue indefinitely, and the company may never regain access to much or all of the compromised data.

Continue reading…

Peanut Butter Budgeting for Cyber Security and Why It Doesn’t Work

The economics of cyber security are completely lopsided. There are a seemingly infinite number of cyber security risks out there, with more and more popping up every day. Hackers appear to have unlimited resources, and cybercriminals are literally reinvesting their lucrative profits into new and innovative ways to exploit, extort, and steal from your organization.

Continue reading…

How to practice safe Apps

Apps are awesome. I don’t need to tell you that. Just look at your phone or tablet or both. They probably have a boatload of Apps on them already.

I bet you have already installed many of the usual suspects such as Angry Birds, Instagram, Facebook, some sort of Twitter client, WhatsApp and maybe even a few work related ones like Evernote and Dropbox. And of course if you’re a good Canadian, you’re likely to have The Weather Network App installed! We take our weather seriously up here.

Continue reading…