The Poynter Report into the HMRC incident and subsequent investigation is an excellent insight and a great case-study in Information Security management.
Surprising (at least to me) was the fact that the organisation had neither a Chief Risk Officer nor a CISO, both of which have subsequently been recommended in the report.
The report contains a pragmatic and common-sense list of 45 recommendations. It’s just unfortunate that it took such a serious incident to make it happen. I’ll be looking more closely at one or two of those recommendations for my own organisation’s benefit…