Cybersecurity

Cybersecurity in the “When-Not-If” Era by Jean-Christophe Gaillard

The “When-Not-If” view of cyber-attacks is changing the whole deal around cybersecurity.

Many large organisations now assume that breaches are simply inevitable, due to the inherent complexity of their business models and the multiplication of attack surfaces and attack vectors which comes with it.

The Two Factors Killing GRC Practices by Jean-Christophe Gaillard

Many CISOs complain of communication problems with their business. They are not being listened to. They are not getting the budget they think they should get. They feel their business too often prioritises other things over security.

It has been a recurring theme amongst information security professionals for the best part of the last 15 years, and it is rooted in a wide range of factors, amongst which the profile of the CISO is often a dominant limitation.

Cybersecurity is becoming a matter of good corporate governance, good ethics, and quite simply – good business by Jean-Christophe Gaillard

Cybersecurity has risen as a key issue on the radar of virtually all organisations. As a recent AT Kearney report suggests, cyber-attacks have been topping executives’ lists of business risks for three straight years. In fact, the overwhelming majority of organisations have experienced some form of cyber-attack at some point over the past few years.

Large Firms: What role for the Group CISO? by Jean-Christophe Gaillard

The same title often hides a large diversity of roles, positioned differently across their respective organisations. It often reflects the maturity of each firm towards the appreciation of the threats it faces, the need for business protection, and its appetite for controls.

For large groups, in particular where business units or geographies manage their own bottom line and have a significant degree of autonomy in real terms, it can result in a large population of security practitioners across the group with very diverse approaches, objectives and priorities.

Security and Agile Delivery at an Enterprise Level by Dave Keenan

In many of the places that I have worked, both as a consultant and as a part of a product delivery team, it is usually a case of keeping the Enterprise Information Security team (EIS) at arm’s length. Truth be told, many teams hold to the old adage that the less EIS gets involved, the better. Even more so with agile delivery, where the focus on shorter, more targeted delivery turns EIS into a thorn in product delivery’s side. And though this article leans towards agile delivery, the points made are equally applicable to any waterfall delivery.

The Business Value of Cybersecurity by Jean-Christophe Gaillard

Cybersecurity is rising as a key issue on the radar of virtually all organisations. According to a recent AT Kearney report, cyber-attacks have been topping executives’ lists of business risks for three straight years. This concern is also driven by security and privacy becoming increasingly valued by customers, and by regulators stepping into the topic (GDPR in Europe, California Consumer Privacy Act of 2018).

Three factors marginalising the historical role of the CISO by Jean-Christophe Gaillard

The last SASIG meeting in London on 8th May 2018 examined the role and career of the CISO. It is hard to walk out of an event like this one without feeling that a number of things are seriously going round in circles in the security industry.

GDPR: Where are we now? And what happens next? by Jean-Christophe Gaillard

So … May 25th came and went, quickly followed by the football World Cup and a heatwave which hit most of Europe and many other parts of the world …

Around GDPR, bureaucracy claimed the act as its own and things went back to normal: snake oil vendors packed their stalls and alleged experts headed for the beach … The anti-climax was predictable, and we are still going through that phase where all players are waiting for regulators to issue their first fines and wondering “where the big one is going to come from”.