
Cyber Security: The Lost Decade – 2018 Edition


October 2018 / Author: JC Gaillard
The Security Transformation Research Foundation

Why large organizations still struggle with decade-old security problems – and how to fix them

A selection of key cyber security articles from leading expert and consultant JC Gaillard, published on the Corix Partners blog since 2015, and an update to our 2017 version.

52 easy-to-read, bite-size articles which cover all key managerial aspects of information security, from the reporting line of the CISO to the role of the Board, and how to make it work in real life. They offer a truly alternative view on how to organise and manage cyber security in large firms, inspired by the direct field experience of their author JC Gaillard, former CISO and leading consultant and expert on the topic.


Revue TELECOM 190 – Editorial by Jean-Christophe Gaillard and Laura Peytavin


October 2018 / Authors: JC Gaillard and Laura Peytavin
Revue TELECOM

While France is giving great prominence in this year 2018 to the theme of artificial intelligence (AI), making it the Prometheus of a new digital society, with numerous conferences, a new chair at the Collège de France held by a graduate of the school, Stéphane Mallat (1986), and many reports from the CNIL and from parliament (the Sénat and the Assemblée Nationale), including the Villani report commissioned by the President of the Republic, the Cybersecurity group of Télécom ParisTech Alumni has decided to explore the implications of the "AI" wave for digital security.

The contributors to this special report offer key points of view on the subject, in particular on the question of whether AI will benefit more those who intentionally seek to undermine the security of our digital tools and services, or those who want to use it to defend us better.

The articles by JC Gaillard and Laura Peytavin in this special report are available in English on the Corix Partners blog.


The Digital Transformation and the Role of the CISO


July 2018 / Author: JC Gaillard
Kuppinger Cole Analysts

Cybersecurity needs to be at the heart of the digital transformation, but organisational models will have to evolve

Cybersecurity is in the process of becoming an essential component of any organisation’s digital transformation journey. There is no way around this, especially as policymakers start dipping their toes into privacy and security issues, and societal norms are shifting on the topic.

But increasingly, security and privacy become intertwined, and it makes little sense from a corporate governance perspective to allow a new privacy organisation under a DPO to grow in parallel to – or in conflict with – existing security structures.

JC Gaillard, former CISO and leading consultant and expert on the topic, re-examines how to organise and manage security in large firms, to face major digital transformation challenges and in the wake of the GDPR.


Cyber Security: The Lost Decade


September 2017 / Author: JC Gaillard
The Security Transformation Research Foundation

A Security Governance Handbook for the CISO and the CIO

This is a compilation of the best cyber security management, organisation and governance articles published on the Corix Partners blog between 2015 and 2017.

They offer a truly alternative view on how to organise and manage security in large firms, inspired by the direct field experience of their author JC Gaillard, former CISO and leading consultant and expert on the topic.

35 easy-to-read, bite-size articles which cover all key managerial aspects of information security, from the reporting line of the CISO to the role of the Board, and how to make it work in real life.


Revue TELECOM 185 – Editorial by Jean-Christophe Gaillard


June 2017 / Author: JC Gaillard
Revue TELECOM

For several months, social networks and the Internet have been flooded with a huge quantity of articles and content on the theme of the General Data Protection Regulation (GDPR), the new European regulation on the protection of personal data, which will come into force on 25 May 2018.

Lawyers, consulting firms large and small, and even software vendors and IT service providers are rushing into the segment and, indeed, the new regulation has the capacity to be a real catalyst for the protection of personal data and for security.

It comes in a context where the personal data of consumers and citizens is becoming an economic and political issue of the first order.

But it is essential to place it in the right context and to go beyond short-termist clichés.


Bridging the Gap Between IT Security and IT Operations


9 June 2017 / Author: JC Gaillard
Info Security Magazine

Life for a CISO could be better. Too many today look out over a landscape overrun by poorly deployed security tools consuming too many scarce resources, and a dynamic between IT and security that is skeptical at best and distrustful at worst.

JC Gaillard from specialist firm Corix Partners examines how to deal with those issues and bridge the gap between security and IT.


Ransomware: 5 practical tips to deal with attacks, and why good practices matter more than ever


14 December 2016 / Author: JC Gaillard
FIC (International Cybersecurity Forum)

Ransomware attacks have become one of the most dominant forms of cyber-attack over the past few years. There is no doubt that they can be very disruptive, especially when targeting key systems, critical data, or large populations of senior executives who have to be given emergency – secure – replacement devices to continue working, and might have lost highly valuable or sensitive data in the attack. For large firms, losses can easily run into the tens of millions by the time everything is added up. At the other end of the scale, there are also many ransomware attacks targeting isolated users with low ransoms, which as a result often get paid “to get rid of the problem quickly” so that the affected individual can resume normal work.

JC Gaillard from leading consulting firm Corix Partners offers 5 practical tips to deal with attacks.


Cyber insurance: what do you think you’re buying?


17 November 2016 / Author: JC Gaillard
IoD Director

As cyber security grows in importance, so too does cyber insurance. But business leaders should look before they leap, says JC Gaillard of specialists Corix Partners.

In reality, the market is still maturing and presents significant blockages that are confusing brokers, underwriters and regulators, and may limit the value many clients can get from products.


The board strikes back


29 February 2016 / Author: JC Gaillard
The New Statesman

Recent data breaches have scared Board members – in particular the TalkTalk incident in October 2015, and the aggressive media coverage that surrounded it.

Still, even in response to Board level demands, many large organisations continue to focus on IT point solutions, looking for some imaginary tactical silver bullet that would make the problem disappear.

In our opinion, this is a problem deeply rooted in corporate governance, organisational and cultural matters, which requires a fundamental rethinking and rewiring of information security practices, driven by the Board itself.

This article from Corix Partners was featured in the New Statesman Cyber Security supplement published on 26th February 2016. Other contributors to the supplement included Ed Vaizey, minister for the Digital Economy; Malcolm Marshall, global leader for cyber security at KPMG and Dr Adrian Davis, managing director for Europe, Middle East and Africa at (ISC)2.


4 Tips for CIOs to Deal Efficiently with Shadow IT


3 December 2015 / Author: JC Gaillard
Information Security Buzz

Dealing with Shadow IT embodies the evolution of the role of the CIO, from being primarily a technologist and a problem solver to being an influencer and a risk manager. Thinking about Shadow IT as a “problem” and something that should be banned is not the right start. Embracing it without controls as the way forward is equally wrong. This is just part of a different way of working around technology and security.

JC Gaillard of Corix Partners shares his top 4 tips for CIOs to effectively and efficiently deal with the matter of Shadow IT.
