How to manage risk and security when outsourcing development

Are you planning to offer a SaaS product, perhaps combined with a mobile app or two? Many companies operating in this space will outsource development, often because they don't have the right in-house capacity or competence. In many cases the outsourcing adventure ends in tears. Let's first look at some common pitfalls before diving into … Continue reading How to manage risk and security when outsourcing development

Handling suppliers with low security awareness

Supply chain risk – in cyberspace Cyber supply chain risk is a difficult area to manage. According to NIST 80% of all breaches originate in the supply chain, meaning it should be a definite priority of any security conscious organization to try and manage that risk. That number was given in a presentation by Jon … Continue reading Handling suppliers with low security awareness

Can cybersecurity culture be measured, and how can it drive national policy?

Background NorSIS has studied what they term cybersecurity culture in Norway. The purpose of their study has been to help designing effective cybersecurity practices and to understand what security regulations Norwegians will typically accept. The study wants to measure culture, a concept that does not easily lend itself to quantification or simple KPI’s. The attempt … Continue reading Can cybersecurity culture be measured, and how can it drive national policy?

How to build up your information security management system in accordance with ISO 27001

Maintaining security is an ongoing process which requires coordinated effort by the whole organization. Without backing from the top management levels and buy-in through the ranks there is little chance of building up resilience against cyber attacks. As organization complexity increases and value creation becomes distributed it will be necessary to have an integrated approach … Continue reading How to build up your information security management system in accordance with ISO 27001