Posts categorized: JC’s Column

4 January 2018 / JC's Column / JC Gaillard

People simply trust other people

This excellent November piece from McKinsey on cyber security deserves a comment (“A Framework for Improving Cybersecurity discussions within Organizations” – Jason Choi / Harrison Lung / James Kaplan). The visualizatio…

19 October 2017 / JC's Column / JC Gaillard

Security is not about “enabling” the business but “protecting” it

At the end of a keynote speech I gave at the excellent CIOWaterCooler LIVE! Event in London on 28th September 2017 on security organisation, governance and creating the dynamics for chan…

10 August 2017 / JC's Column, Strategy and Governance / JC Gaillard

Cyber Security is not a Risk

Describing Cyber Security as a risk is a language oddity that keeps appearing at an alarming rate. It is a dangerous and simplistic shortcut, typical of the shallow nature of some debate taking place around these issues on…

13 July 2017 / JC's Column / JC Gaillard

This is not a box-ticking exercise, but a matter of cultural shift for many firms

There is a vast amount of “GDPR fatigue” spreading on social media, as the result of the incredible quantity of snake oil being dispensed on the matter. Unsurprisingly, e…

20 April 2017 / JC's Column / JC Gaillard

A “people” perspective on GRC models

It is no big secret that the “Three Lines of Defence” model underpinning many GRC practices in large firms is poorly understood and poorly applied at grass-root levels. Anecdotal evidence we observe in the field eve…

2 March 2017 / JC's Column / JC Gaillard

The Cyber Security Industry needs more talent; but at which level and to do what?

Here is a theme that has cyber security experts gripped: There is an enormous problem of skills across the cyber security industry. Not enough professionals. Hundreds of…

8 December 2016 / JC's Column / JC Gaillard

Year after year, major surveys highlight low levels of cyber security maturity across large firms, and increasingly an even more worrying situation amongst smaller firms. The 2016 RSA Cyber Poverty index is a good example of that trend. It truly paints…

16 June 2016 / JC's Column / JC Gaillard

In several articles last year, we have explored how to organise InfoSec for success and how to best establish the reporting line of the CISO. Our view – built on years of direct field experience – is that the reporting line of the CISO has to be at boa…

10 March 2016 / Architecture and Design, JC's Column, Strategy and Governance / JC Gaillard

For years, many technology firms have treated security and privacy matters as an afterthought. It was at best a necessary evil related to regulations and compliance; at worst, something you would window-dress on the day in front of those few clients wh…

19 November 2015 / JC's Column / JC Gaillard

The cyber attack against UK Internet Services Provider TalkTalk in October 2015 has received an enormous amount of domestic media coverage, leading to at least 15 to 20% of TalkTalk’s market cap being wiped off. Traditional and social media have all be…
