Defining your risk appetite
How to create simple definitions of risk appetite levels, and then assign these to each of your organization’s projects, services, business units or any other clearly identifiable part of your work.
Blogs that appear below are published on the Optimal Service Management web site.
All blogs published on this site are licensed under CC BY-SA 4.0.
It’s easy to assume you know who you’re talking to, but it’s just as easy to make a mistake. Every time you answer the phone, or phone someone else, make sure you really do know who you’re talking to.
I will be delivering a webinar on information security and the service desk on Wednesday 10th October. Here's a preview to whet your appetite...
Major incidents and security breaches are different. Learning from experience can turn out to be hugely expensive, or even result in the organization concerned going out of business. So how can you make sure that you handle these incidents correctly first time?
If you are responsible for security, try to be like Goldilocks. Not too much security, not too little, but just right.
Do you ever send emails with attachments or links to your staff or customers? Make sure you're not training people to be phished.
Do your people know not just what your security controls do, but why? Do they really protect your assets, or are they just security theatre?
It’s not possible to make good decisions about the security controls you need on a purely technical basis, but there are some controls that nearly all of us need, and one of the most important of these is encryption...
I attended the inaugural meeting of the Global Forum to Advance Cyber Resilience last week. It was interesting to see that people from public and private sectors, and people from large and small organizations, all face the same cyber resilience challenges - and all need to collaborate...
Here are a few simple things you should do if you want to keep your home computer, and your personal information, safe.
RESILIA™ Cyber Resilience Best Practice was launched in June 2015. What is it and how is it different from all the other publications out there that tell you how to manage information security?