Defining your risk appetite
How to create simple definitions of risk appetite levels, and then assign these to each of your organization’s projects, services, business units or any other clearly identifiable part of your work.
Blogs that appear below are published on the Optimal Service Management web site.
All blogs published on this site are licensed under CC BY-SA 4.0.
I write lots of blogs, and deliver training courses on cybersecurity. I nearly always focus on the security of business systems and networks, but it is equally important to think about cyber security in our personal lives.
Major incidents and security breaches are different. Learning from experience can turn out to be hugely expensive, or even result in the organization concerned going out of business. So how can you make sure that you handle these incidents correctly first time?
If you are responsible for security, try to be like Goldilocks. Not too much security, not too little, but just right.
Do your people know not just what your security controls do, but why? Do they really protect your assets, or are they just security theatre?
It’s not possible to make good decisions about the security controls you need on a purely technical basis, but there are some controls that nearly all of us need, and one of the most important of these is encryption...
RESILIA™ Cyber Resilience Best Practice was launched in June 2015. What is it and how is it different from all the other publications out there that tell you how to manage information security?