Opinion

Opinion

IT risk management

• Security Think Tank: A guide to security best practice for pandemics

  In our globalised world, high-profile events such as Covid-19 have huge business impacts, some of which may be felt by CISOs. What responsibilities do security professionals have in such circumstances?  Continue Reading

• Security Think Tank: Coronavirus crisis helps put security in context

  In our globalised world, high-profile events such as Covid-19 have huge business impacts, some of which may be felt by CISOs. What responsibilities do security professionals have in such circumstances?  Continue Reading

• Security Think Tank: ID-driven security helps safeguard the workforce

  In our globalised world, high-profile events such as Covid-19 have huge business impacts and some of these impacts may be felt by CISOs. What responsibilities do security pros have in such circumstances, and what steps can they take to shore up ...  Continue Reading

• Security Think Tank: Covid-19 highlights need for embedded security

  In our globalised world, high-profile events such as Covid-19 have huge business impacts and some of these impacts may be felt by CISOs. What responsibilities do security pros have in such circumstances, and what steps can they take to shore up ...  Continue Reading

• Why ‘no breach’ is bad news for your compliance

  You might think it’s a good thing if your organisation has a clean record when it comes to data breaches, but this is not necessarily the case  Continue Reading

• The greatest contest ever – privacy versus security

  Examining the technical, legal and ethical challenges around the privacy versus security debate  Continue Reading

• Addressing the IoT security challenge

  We consider how best to address some of the critical security challenges around the internet of things  Continue Reading

• Security Think Tank: Zero trust strategies must start small, then grow

  In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs approach moving their organisations from traditional network security to a zero-trust ...  Continue Reading

• Security Think Tank: Ask yourself if zero trust is right for you

  In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust ...  Continue Reading

• Security Think Tank: How zero trust lets you take back control

  In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero trust ...  Continue Reading

• Security Think Tank: Practical steps to achieve zero trust

  In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust ...  Continue Reading

• Security Think Tank: Zero trust is complex, but has rich rewards

  In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust ...  Continue Reading

• Security Think Tank: No trust in zero trust need not be a problem

  In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust ...  Continue Reading

• Security Think Tank: Zero trust is not the answer to all your problems

  In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust ...  Continue Reading

• The fight against cyber crime: Why cooperation matters

  With the WEF’s Global Risk Report 2019 ranking cyber attack in the top five global risks, we now see rising consensus at institutional level that no individual stakeholder can address the breadth of security challenges we face today  Continue Reading

• Security Think Tank: Facing the challenge of zero trust

  In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust ...  Continue Reading

• Security Think Tank: Zero trust – just another name for the basics?

  In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust ...  Continue Reading

• Security Think Tank: Bug bounties are changing the image of hackers

  The traditional picture of a hacker is of a script kiddie in a hoodie hunched over a computer keyboard, but this stereotype is stale and outdated. Is it time to move away from a fear-based approach to security?  Continue Reading

• Security Think Tank: Teens in basements don’t represent a positive security culture

  The traditional picture of a hacker is of a script kiddie in a hoodie hunched over a computer keyboard, but this stereotype is stale and outdated. Is it time to move away from a fear-based approach to security?  Continue Reading

• Security Think-Tank: Tackle insider threats to achieve data-centric security

  The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but ...  Continue Reading

• Security Think Tank: Hooded hackers? More like ruthless competitors

  The traditional picture of a hacker is of a script kiddie in a hoodie hunched over a computer keyboard, but this stereotype is stale and outdated. Is it time to move away from a fear-based approach to security?  Continue Reading

• Security Think Tank: Changing attitudes to cyber is a team sport

  The traditional picture of a hacker is of a script kiddie in a hoodie hunched over a computer keyboard, but this stereotype is stale and outdated. Is it time to move away from a fear-based approach to security?  Continue Reading

• Why the banking industry needs an IT makeover

  UK banks face huge challenges keeping their service availability levels at 99.99%  Continue Reading

• Security Think Tank: Hero or villain? Creating a no-blame culture

  The traditional picture of a hacker is of a script kiddie in a hoodie hunched over a computer keyboard, but this stereotype is stale and outdated. Is it time to move away from a fear-based approach to security?  Continue Reading

• Security Think Tank: Get your users to take pride in security

  The traditional picture of a hacker is of a script kiddie in a hoodie hunched over a computer keyboard, but this stereotype is stale and outdated. Is it time to move away from a fear-based approach to security?  Continue Reading

• Security Think Tank: Put information at the heart of security

  The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but ...  Continue Reading

• Security Think Tank: Data-centric security requires a holistic approach

  The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but ...  Continue Reading

• Security Think Tank: Risk-based response critical to protect data

  The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but ...  Continue Reading

• Security Think Tank: Is data more or less secure in the cloud?

  Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security ...  Continue Reading

• Security Think Tank: Time for a devolution of responsibility

  The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but ...  Continue Reading

• Security Think Tank: Optimise data-centric strategies with AI

  The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but ...  Continue Reading

• Cyber security: How to avoid a disastrous PICNIC

  Fieldfisher’s David Lorimer examines how individual employees often facilitate cyber attacks, and what can be done to reduce the risk  Continue Reading

• Security Think Tank: In-depth protection is a matter of basic hygiene

  The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but ...  Continue Reading

• The super-resilient organisation

  We need to build super-resilient organisations that can not only survive in a tempestuous world, but become energised by it  Continue Reading

• Security Think Tank: Stopping data leaks in the cloud

  Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security ...  Continue Reading

• Security Think Tank: Base cloud security posture on your data footprint

  Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security ...  Continue Reading

• Security Think Tank: Cloud security is a shared responsibility

  Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security ...  Continue Reading

• Security in the supply chain – a post-GDPR approach

  A year and a half after the introduction of the EU’s General Data Protection Regulation, Fieldfisher's James Walsh reviews the fundamentals of supply chain security  Continue Reading

• What changes are needed to create a cyber-savvy culture?

  PA Consulting's Cate Pye considers the people and process changes that are necessary to build a security aware business culture  Continue Reading

• Security Think Tank: Adapt security posture to your cloud model

  Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security ...  Continue Reading

• Security Think Tank: The cloud needs security by design

  Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security ...  Continue Reading

• Security Think Tank: Secure the cloud when negotiating contracts

  Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security ...  Continue Reading

• Security Think Tank: Embedding security in governance

  How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision-making?  Continue Reading

• Security Think Tank: Focus on metrics to manage risk

  How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision making?  Continue Reading

• Security Think Tank: Embed security professionals in your risk strategy

  How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision-making?  Continue Reading

• Security Think Tank: Risk management must go beyond spreadsheets

  How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision making?  Continue Reading

• Security Think Tank: Consider risk holistically, not just from an IT angle

  How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision making?  Continue Reading

• Small business guide: How to keep your organisation secure from fraudsters and hackers

  Doing a few things well can keep your organisation protected from common cyber attacks and fraudsters  Continue Reading

• Security Think Tank: The operational approach to integrated risk management

  How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision-making?  Continue Reading

• Security Think Tank: Risk is unavoidable in digital transformation

  How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision-making?  Continue Reading

• Regulators globally are shaping up to rein in Facebook

  We need to move fast and fix Facebook, before it breaks us  Continue Reading

• Security Think Tank: The case for blockchain-based identity

  What are the best and most effective ways information security professionals can use blockchain technology?  Continue Reading

• Security Think Tank: Too soon to dismiss blockchain in cyber security

  What are the best and most effective ways information security professionals can use blockchain technology?  Continue Reading

• Security Think Tank: Use blockchain for integrity and immutability checks

  What are the best and most effective ways information security professionals can use blockchain technology?  Continue Reading

• Security Think Tank: Blockchain is not for everyone, so look carefully before you leap

  What are the best and most effective ways information security professionals can use blockchain technology?  Continue Reading

• Security Think Tank: Blockchain utility depends on business type and cost

  What are the best and most effective ways information security professionals can use blockchain technology?  Continue Reading

• Security Think Tank: Risk mitigation is key to blockchain becoming mainstream

  What are the best and most effective ways information security professionals can use blockchain technology?  Continue Reading

• Security Think Tank: Blockchain – balance risk and opportunity for smart security

  What are the best and most effective ways information security professionals can use blockchain technology?  Continue Reading

• Security Think Tank: Data architecture and security must evolve in parallel

  How can infosec pros and data architects work together to support business goals and achieve a good level of cyber security?  Continue Reading

• Security Think Tank: Data architects should be key allies of infosec pros

  How can infosec pros and data architects work together to support business goals and achieve a good level of cyber security?  Continue Reading

• Security Think Tank: Balancing data accessibility with security controls

  How can infosec pros and data architects work together to support business goals and achieve a good level of cyber security?  Continue Reading

• Security Think Tank: Communication, processes and tech: A new beginning for security

  How can infosec pros and data architects work together to support business goals and achieve a good level of cyber security?  Continue Reading

• Security Think Tank: Security is a business, not an IT function

  How can infosec pros and data architects work together to support business goals and achieve a good level of cyber security?  Continue Reading

• Security Think Tank: Dialogue between data architects and security leads is essential

  How can infosec pros and data architects work together to support business goals and achieve a good level of cyber security?  Continue Reading

• Security Think Tank: Close interdisciplinary ties are key to security integration

  How can infosec professionals and data architects work together to support business goals and achieve a good level of cyber security?  Continue Reading

• Security Think Tank: CIA at heart of infosec-data architect partnership

  How can infosec professionals and data architects work together to support business goals and achieve a good level of cyber security?  Continue Reading

• Why investment is needed in the cyber insurance market

  The number of cyber insurance policies on offer is beginning to grow, but insurers still have a long way to go to develop policies that address market concerns  Continue Reading

• Security Think Tank: Aligning data privacy with business objectives

  What strategies can infosec pros use to shift focus from GDPR fines to enabling business gains and success, changing the way data is used, and aligning data privacy with business purpose?  Continue Reading

• Security Think Tank: Align compliance objectives with business goals

  What strategies can information security professionals use to shift focus from GDPR fines to enabling business gains and success, changing the way data is used, and aligning data privacy with business purpose?  Continue Reading

• Security Think Tank: Changing the GDPR focus to business benefit

  What strategies can information security professionals use to shift focus from General Data Protection Regulation fines to enabling business gains and success, changing the way data is used, and aligning data privacy with business purpose?  Continue Reading

• Security Think Tank: Benefits of GDPR compliance

  What strategies can information security professionals use to shift focus from General Data Protection Regulation fines to enabling business gains and success, changing the way data is used, and aligning data privacy with business purpose?  Continue Reading

• Security Think Tank: Business needs to see infosec pros as trusted advisers

  How can security professionals communicate effectively with the board and senior business leaders – what works and what doesn’t?  Continue Reading

• Security Think Tank: Top infosec task is getting on board agenda

  How can security professionals communicate effectively with the board and senior business leaders – what works and what doesn’t?  Continue Reading

• Building a cyber-physical immune system

  Shantanu Rane, researcher in cyber-physical systems security at the Palo Alto Research Center, explains how our own immune systems can inspire the design of modern cyber-physical systems  Continue Reading

• Security Think Tank: Infosec needs to avoid FUD and keep it real

  How can security professionals communicate effectively with the board and senior business leaders – what works and what doesn’t?  Continue Reading

• Security Think Tank: Security risk ratings key to security/business understanding

  How can security professionals communicate effectively with the board and senior business leaders – what works and what doesn’t?  Continue Reading

• Security Think Tank: Focus on business impact and likelihood of cyber attacks

  How can cyber security professionals communicate effectively with the board and senior business leaders – what works and what doesn’t?  Continue Reading

• Why the rise of IT managed by the business is driving creative thinking

  Organisations that encourage business units to implement and run their own IT systems have an edge over competitors that rely entirely on the IT department, research from Harvey Nash and KPMG reveals  Continue Reading

• Security Think Tank: Frame cyber security impacts in business contexts

  How can security professionals communicate effectively with the board and senior business leaders – what works and what doesn’t?  Continue Reading

• Security Think Tank: Infosec letter to the board

  How can security professionals communicate effectively with the board and senior business leaders – what works and what doesn’t?  Continue Reading

• Security Think Tank: Effective IT segregation must involve the business

  What are the security benefits and challenges of segregating IT environments, and how best are these challenges overcome?  Continue Reading

• Security Think Tank: In-app segregation more intelligent and permissive

  What are the security benefits and challenges of segregating IT environments, and how best are these challenges overcome?  Continue Reading

• Security Think Tank: IT asset separation is a risk-based decision

  What are the security benefits and challenges of segregating IT environments, and how best are these challenges overcome?  Continue Reading

• Security Think Tank: Challenges of segregation

  What are the security benefits and challenges of segregating IT environments, and how best are these challenges overcome?  Continue Reading

• Security Think Tank: Proper segregation is more important than ever

  What are the security benefits and challenges of segregating IT environments, and how best are these challenges overcome?  Continue Reading

• Security Think Tank: Understanding tech is key to effective data segregation

  What are the security benefits and challenges of segregating IT environments, and how best are these challenges overcome?  Continue Reading

• Security Think Tank: How to realise the benefits of security zoning

  What are the security benefits and challenges of segregating IT environments, and how best are these challenges overcome?  Continue Reading

• Security Think Tank: Benefits and challenges of security segmentation

  What are the security benefits and challenges of segregating IT environments, and how best are these challenges overcome?  Continue Reading

• Security Think Tank: Surviving the existential cyber punch, part 3

  How should businesses plan to survive a potential cyber attack extinction event?  Continue Reading

• Security Think Tank: Surviving the existential cyber punch part 2

  How should businesses plan to survive a potential cyber attack extinction event?  Continue Reading

• Security Think Tank: Surviving the existential cyber punch

  How should businesses plan to survive a potential cyber attack extinction event?  Continue Reading

• Security Think Tank: Seven steps to manage risk of catastrophic cyber attack

  How should businesses plan to survive a potential cyber attack extinction event?  Continue Reading

• Security Think Tank: Cyber attack survival not a matter of luck

  How should businesses plan to survive a potential cyber attack extinction event?  Continue Reading

• Security Think Tank: Aim for integrated resilience, continuity and recovery

  How should businesses plan to survive a potential cyber attack extinction event?  Continue Reading

• Security Think Tank: Incident response vital to guard against catastrophic cyber attack

  How should businesses plan to survive a potential cyber attack extinction event?  Continue Reading

• Why cyber security needs to be prioritised at board level

  Despite the rising number of headline-grabbing security breaches, many company executives are still not prioritising cyber security in the boardroom  Continue Reading

• Security Think Tank: BC/DR plan key to cyber attack survival

  How should businesses plan to survive a potential cyber attack extinction event?  Continue Reading

• Security Think Tank: How to reduce the impact of a potential cyber extinction event

  How should businesses plan to survive a potential cyber attack extinction event?  Continue Reading

• Growing board focus on cyber risk challenges current thinking

  As digital transformation continues to drive change in the business and risk landscape, business and cyber security leaders need to improve discussions around this topic  Continue Reading

• Security Think Tank: Map your own important risk metrics

  What should be the key cyber security risk indicator for any business?  Continue Reading