Top of the iceberg: politicians’ private email accounts and shadow IT

In CISO circles the term "shadow IT" is commonly used for when employees use private accounts, devices and networks to conduct work outside of the company's IT policies. People often do this because they feel they don't have the freedom to get the job done within the rules. This is not only for low-level clerks …

Cybersecurity for boards – the short story

A few days ago I wrote a post on the lack of cybersecurity skills in corporate boards, and how to fix that. This became one of the most popular posts on the blog. That's why I created this short summary video - that you can easily share with your top management and board members. https://www.youtube.com/watch?v=HQF9G2lUDPM

How to build up your information security management system in accordance with ISO 27001

Maintaining security is an ongoing process which requires coordinated effort by the whole organization. Without backing from the top management levels and buy-in through the ranks there is little chance of building up resilience against cyber attacks. As organization complexity increases and value creation becomes distributed it will be necessary to have an integrated approach …

Thinking about risk through methods

Risk management is a topic with a large number of methods. Within the process industries, semi-quantitative methods are popular, in particular for determining the required SIL for safety instrumented functions (automatic shutdowns, etc.). Two common approaches are known as LOPA, which is short for "layers of protection analysis", and Riskgraph. These methods are sometimes treated as …