The board strikes back
Recent data breaches have scared Board members – in particular the TalkTalk incident in October 2015, and the aggressive media coverage that surrounded it.
Still, even in response to Board level demands, many large organisations continue to focus on IT point solutions, looking for some imaginary tactical silver bullet that would make the problem disappear.
In our opinion, this is a problem deeply rooted in corporate governance, organisational and cultural matters, which requires a fundamental rethinking and rewiring of information security practices, driven by the Board itself.
This article from Corix Partners was featured in the New Statesman Cyber Security supplement published on 26th February 2016. Other contributors to the supplement included Ed Vaizey, minister for the Digital Economy; Malcolm Marshall, global leader for cyber security at KPMG and Dr Adrian Davis, managing director for Europe, Middle East and Africa at (ISC)2.
4 Tips for CIOs to Deal Efficiently with Shadow IT
Dealing with Shadow IT embodies the evolution of the role of the CIO, from being primarily a technologist and a problem solver to being an influencer and a risk manager. Thinking about Shadow IT as a “problem” and something that should be banned is not the right start. Embracing it without controls as the way forward is equally wrong. This is just part of a different way of working around technology and security.
Cyber Security: The Board of Directors Needs to ask the Real Questions
In August 2014, the US-based Institute of Internal Auditors Research Foundation published (together with ISACA at their 2014 GRC joint conference) a research report focused on what the Board of Directors needs to ask in relation to Cyber Security.
As we approach the 2015 GRC Conference – to be held in Phoenix, AZ on 17-19 August – J.C. Gaillard of Corix Partners offers his views on the 2014 report, and his own take on the key questions the Board of Directors should consider around Cyber Security.
More Control, Less Risk
This article discusses the importance of technologists focusing more on threats and controls and less on risk in order to build an effective Cyber Security Practice.
It shines a light on the typically risk-focused nature of the industry and why shifting that focus onto the implementation of effective controls to protect an organisation against real threats is key in effective Cyber Security. It also discusses the disconnect in viewpoints between technologists and business users – and how this can lead to a dangerous position, whereby an organisation develops a false sense of protection against cyber threats and cyber-crime.