Posts categorized: JC’s Column

8 November 2018 / JC's Column / JC Gaillard

Simply throwing money at the problem is rarely the answer Many CIOs and CISOs would have come across this situation after an incident, a serious near-miss or a bad audit report: Suddenly, money and resources – which were previously scarce – appear out… Read more »

16 August 2018 / JC's Column / JC Gaillard

Quite a lot will now go down to the regulator’s appetite   So … May 25th came and went, quickly followed by the football world cup and a heatwave which wrecked most of Europe and many other parts of the world … Around the GDPR, bureaucracy claimed… Read more »

21 June 2018 / JC's Column / JC Gaillard

The traditional role of the CISO is changing. It is being challenged by emerging new regulations such as GDPR, which are impacting all industry sectors, and the arrival on the scene of the new role of the DPO in many firms. It is being marginalised by… Read more »

24 May 2018 / JC's Column / JC Gaillard

Is the CISO an outdated concept? And what to do about it? The last SASIG meeting in London on 8th May 2018 examined the role and career of the CISO. It is hard to walk out of an event like this one not feeling that a number of things are seriously goin… Read more »

26 April 2018 / JC's Column / JC Gaillard

Nothing will change until the profile of the CISO is raised and they start to see their role over the mid to long-term Surveys suggest that the average tenure in a CISO position is around 2 years. Although it seems to vary depending on industry sectors… Read more »

15 February 2018 / JC's Column / JC Gaillard

GDPR has been at the forefront of privacy, security, risk and controls discussions in many firms since last year. Many are in the midst of large scale “compliance” programmes, spending enormous amounts with the view of achieving something by the 25th o… Read more »

4 January 2018 / JC's Column / JC Gaillard

People simply trust other people This excellent November piece from McKinsey on cyber security deserves a comment (“A Framework for Improving Cybersecurity discussions within Organizations” – Jason Choi / Harrison Lung / James Kaplan). The visualizatio… Read more »

19 October 2017 / JC's Column / JC Gaillard

Security is not about “enabling” the business but “protecting” it At the end of a keynote speech I gave at the excellent CIOWaterCooler LIVE! Event in London on 28th September 2017 on security organisation, governance and creating the dynamics for chan… Read more »

10 August 2017 / JC's Column, Strategy and Governance / JC Gaillard

Cyber Security is not a Risk Describing Cyber Security as a risk is a language oddity that keeps appearing at an alarming rate. It is a dangerous and simplistic shortcut, typical of the shallow nature of some debate taking place around these issues on… Read more »

13 July 2017 / JC's Column / JC Gaillard

This is not a box-ticking exercise, but a matter of cultural shift for many firms There is a vast amount of “GDPR fatigue” spreading on social media, as the result of the incredible quantity of snake oil being dispensed on the matter. Unsurprisingly, e… Read more »