The Digital Transformation and the Role of the CISO

July 2018 / Author: JC Gaillard
Kuppinger Cole Analysts

Cybersecurity needs to be at the heart of the digital transformation, but organisational models will have to evolve

Cybersecurity is in the process of becoming an essential component of any organisation’s digital transformation journey. There is no way around this, especially as policymakers start dipping their toes into privacy and security issues, and societal norms are shifting on the topic.

But increasingly, security and privacy become intertwined, and it makes little sense from a corporate governance perspective to allow a new privacy organisation under a DPO to grow in parallel to – or in conflict with – existing security structures.

JC Gaillard, former CISO and leading consultant and expert on the topic, re-examines how to organise and manage security in large firms, to face major digital transformation challenges and in the wake of the GDPR.

Cyber Security: The Lost Decade

September 2017 / Author: JC Gaillard
The Security Transformation Research Foundation

A Security Governance Handbook for the CISO and the CIO

This is a compilation of the best cyber security management, organisation and governance articles published on the Corix Partners blog between 2015 and 2017.

They offer a truly alternative view on how to organise and manage security in large firms, inspired by the direct field experience of their author JC Gaillard, former CISO and leading consultant and expert on the topic.

35 easy to read, bitesize articles which cover all key managerial aspects around information security, from the reporting line of the CISO to the role of the Board, and how to make it work in real life.

Revue TELECOM 185 – Editorial by Jean-Christophe Gaillard

June 2017 / Author: JC Gaillard

For several months, social networks and the Internet have been flooded with a huge quantity of articles and content on the subject of the General Data Protection Regulation (GDPR), the new European regulation on the protection of personal data, which will come into force on 25 May 2018.

Lawyers, consulting firms large and small, and even software vendors and IT service providers are rushing into this segment, and the new regulation does indeed have the capacity to be a real catalyst around personal data protection and security.

It comes in a context where the personal data of consumers and citizens is becoming an economic and political issue of the first rank.

But it is essential to place it in the right context and to go beyond short-termist clichés.

Bridging the Gap Between IT Security and IT Operations

9 June 2017 / Author: JC Gaillard
Info Security Magazine

Life for a CISO could be better. Too many today look out over a landscape overrun by poorly-deployed security tools consuming too many scarce resources, and a dynamic between IT and security that is skeptical at best and distrustful at worst.

JC Gaillard from specialist firm Corix Partners examines how to deal with those issues and bridge the gap between security and IT.

Ransomware: 5 practical tips to deal with attacks, and why good practices matter more than ever

14 December 2016 / Author: JC Gaillard
FIC (International Cybersecurity Forum)

Ransomware attacks have become one of the most dominant forms of cyber-attacks over the past few years. There is no doubt that those can be very disruptive, essentially when targeting key systems, critical data, or large populations of senior executives who have to be given emergency – secure – replacement devices to continue working, and might have lost highly valuable or sensitive data in the attack. For large firms, losses can easily run into the tens of millions by the time everything is added up. At the other end of the scale, there are also many ransomware attacks targeting isolated users with low ransoms, which as a result often get paid “to get rid of the problem quickly” so that the affected individual can resume normal work.

JC Gaillard from leading consulting firm Corix Partners offers 5 practical tips to deal with attacks.

Cyber insurance: what do you think you’re buying?

17 November 2016 / Author: JC Gaillard
IoD Director

As cyber security grows in importance, so too does cyber insurance. But business leaders should look before they leap, says JC Gaillard of specialists Corix Partners.

In reality, the market is still maturing and presents significant blockages that are confusing brokers, underwriters and regulators, and may limit the value many clients can get from products.

The board strikes back

29 February 2016 / Author: JC Gaillard
The New Statesman

Recent data breaches have scared Board members – in particular the TalkTalk incident in October 2015, and the aggressive media coverage that surrounded it.

Still, even in response to Board level demands, many large organisations continue to focus on IT point solutions, looking for some imaginary tactical silver bullet that would make the problem disappear.

In our opinion, this is a problem deeply rooted in corporate governance, organisational and cultural matters, which requires a fundamental rethinking and rewiring of information security practices, driven by the Board itself.

This article from Corix Partners was featured in the New Statesman Cyber Security supplement published on 26th February 2016. Other contributors to the supplement included Ed Vaizey, minister for the Digital Economy; Malcolm Marshall, global leader for cyber security at KPMG and Dr Adrian Davis, managing director for Europe, Middle East and Africa at (ISC)2.

4 Tips for CIOs to Deal Efficiently with Shadow IT

3 December 2015 / Author: JC Gaillard
Information Security Buzz

Dealing with Shadow IT embodies the evolution of the role of the CIO, from being primarily a technologist and a problem solver to being an influencer and a risk manager. Thinking about Shadow IT as a “problem” and something that should be banned is not the right start. Embracing it without controls as the way forward is equally wrong. This is just part of a different way of working around technology and security.

JC Gaillard of Corix Partners shares his top 4 tips for CIOs to effectively and efficiently deal with the matter of Shadow IT.

Cyber Security: Board of Directors Need to ask the Real Questions

7 August 2015 / Author: JC Gaillard
Information Security Buzz

In August 2014, the US-based Institute of Internal Auditors Research Foundation published (together with ISACA at their 2014 GRC joint conference) a research report focused on what the Board of Directors needs to ask in relation to Cyber Security.

As we approach the 2015 GRC Conference – to be held in Phoenix, AZ on 17-19 August – J.C. Gaillard of Corix Partners offers his views on the 2014 report, and his own take on the key questions the Board of Directors should consider around Cyber Security.

More Control, Less Risk

June 2015 / Author: Neil Cordell
BCS, The Chartered Institute for IT

This article discusses the importance of technologists focusing more on threats and controls and less on risk in order to build an effective Cyber Security Practice.

It shines a light on the typically risk-focused nature of the industry and why shifting that focus onto the implementation of effective controls to protect an organisation against real threats is key in effective Cyber Security. It also discusses the disconnect in viewpoints between technologists and business users – and how this can lead to a dangerous position, whereby an organisation develops a false sense of protection against cyber threats and cyber-crime.

This article from Corix Partners was featured in the June 2015 edition of ITNOW, published by BCS, The Chartered Institute for IT.