Cyber Security: The Lost Decade – 2018 Edition
Why large organizations still struggle with decade-old security problems – and how to fix them
52 easy-to-read, bitesize articles covering all key managerial aspects of information security, from the reporting line of the CISO to the role of the Board, and how to make it work in real life. They offer a truly alternative view on how to organise and manage cyber security in large firms, inspired by the direct field experience of their author JC Gaillard, former CISO and leading consultant and expert on the topic.
Revue TELECOM 190 – Editorial by Jean-Christophe Gaillard and Laura Peytavin
While France is giving great prominence in 2018 to the theme of artificial intelligence (AI), making it the Prometheus of a new digital society, with multiple conferences, a new chair at the Collège de France held by a graduate of the school, Stéphane Mallat (1986), and numerous reports from the CNIL and from the national legislature (Sénat and Assemblée Nationale), including the Villani report commissioned by the President of the Republic, the Cybersecurity group of Télécom ParisTech Alumni has decided to explore the implications of the "AI" wave for digital security.
The contributors to this feature offer key points of view on the subject, notably on the question of whether AI will benefit more those who intentionally seek to undermine the security of our digital tools and services, or those who want to use it to defend us better.
The Digital Transformation and the Role of the CISO
Cybersecurity needs to be at the heart of the digital transformation, but organisational models will have to evolve
Cybersecurity is in the process of becoming an essential component of any organisation’s digital transformation journey. There is no way around this, especially as policymakers start dipping their toes into privacy and security issues, and societal norms are shifting on the topic.
But increasingly, security and privacy become intertwined, and it makes little sense from a corporate governance perspective to allow a new privacy organisation under a DPO to grow in parallel to – or in conflict with – existing security structures.
JC Gaillard, former CISO and leading consultant and expert on the topic, re-examines how to organise and manage security in large firms, to face major digital transformation challenges and in the wake of the GDPR.
Cyber Security: The Lost Decade
A Security Governance Handbook for the CISO and the CIO
This is a compilation of the best cyber security management, organisation and governance articles published on the Corix Partners blog between 2015 and 2017.
They offer a truly alternative view on how to organise and manage security in large firms, inspired by the direct field experience of their author JC Gaillard, former CISO and leading consultant and expert on the topic.
35 easy to read, bitesize articles which cover all key managerial aspects around information security, from the reporting line of the CISO to the role of the Board, and how to make it work in real life.
Revue TELECOM 185 – Editorial by Jean-Christophe Gaillard
For several months, social networks and the Internet have been flooded with a huge volume of articles and content on the theme of the General Data Protection Regulation (GDPR), the new European regulation on the protection of personal data, which will come into force on 25 May 2018.
Lawyers, consulting firms large and small, and even software vendors and IT service providers are rushing into the segment, and indeed the new regulation has the capacity to be a real catalyst for personal data protection and security.
It comes in a context where the personal data of consumers and citizens is becoming a major economic and political issue.
But it is essential to place it in the right context and to go beyond short-termist clichés.
Bridging the Gap Between IT Security and IT Operations
Life for a CISO could be better. Too many today look out over a landscape overrun by poorly-deployed security tools consuming too many scarce resources, and a dynamic between IT and security that is skeptical at best and distrustful at worst.
Ransomware: 5 practical tips to deal with attacks, and why good practices matter more than ever
Ransomware attacks have become one of the most dominant forms of cyber-attacks over the past few years. There is no doubt that they can be very disruptive, especially when targeting key systems, critical data, or large populations of senior executives who have to be given emergency – secure – replacement devices to continue working, and might have lost highly valuable or sensitive data in the attack. For large firms, losses can easily run into the tens of millions by the time everything is added up. At the other end of the scale, there are also many ransomware attacks targeting isolated users with low ransoms, which as a result often get paid “to get rid of the problem quickly” so that the affected individual can resume normal work.
Cyber insurance: what do you think you’re buying?
In reality, the market is still maturing and presents significant blockages that are confusing brokers, underwriters and regulators, and may limit the value many clients can get from products.
The board strikes back
Recent data breaches have scared Board members – in particular the TalkTalk incident in October 2015, and the aggressive media coverage that surrounded it.
Still, even in response to Board level demands, many large organisations continue to focus on IT point solutions, looking for some imaginary tactical silver bullet that would make the problem disappear.
In our opinion, this is a problem deeply rooted in corporate governance, organisational and cultural matters, which requires a fundamental rethinking and rewiring of information security practices, driven by the Board itself.
This article from Corix Partners was featured in the New Statesman Cyber Security supplement published on 26th February 2016. Other contributors to the supplement included Ed Vaizey, minister for the Digital Economy; Malcolm Marshall, global leader for cyber security at KPMG; and Dr Adrian Davis, managing director for Europe, Middle East and Africa at (ISC)².
4 Tips for CIOs to Deal Efficiently with Shadow IT
Dealing with Shadow IT embodies the evolution of the role of the CIO, from being primarily a technologist and a problem solver to being an influencer and a risk manager. Thinking about Shadow IT as a “problem” and something that should be banned is not the right start. Embracing it without controls as the way forward is equally wrong. This is just part of a different way of working around technology and security.