Auteur: owner

Over the years we learned that other management models outside the digital security profession are relevant for digital security. In the coming three blogs, we will present three examples of management models pertaining to Digital Security. This is the first of this trilogy. Introduction Hackers and negative (social) media hypes have proven able to bring proud organizations to their knees, yet many information security managers and CISO’s lack a strategy

There is a saying by Sun Tzu in the Art of War in which he states, “If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained, you will also suffer a defeat. ‘If you know neither the enemy nor yourself, you will succumb in every battle”.Also, in the book About Face by

The field of the Chief Information Security Officer (CISO) is undergoing a development similar to the route taken by the CFO position in the past. The work of both officers is not essentially different, only the instruments differ. The CFO wants to obtain financial assurance, but also wants to save costs on all kinds of inefficient finance processes. You see exactly the same thing happening with information security. With the

We want to feel safe in this brave (and scary) new world we’re creating of machines, robots and artificial intelligence. Technological & political trends will definitely influence our profession. This new world will call for new jobs with new skillsets that address the future challenges ahead. Not only the role of CEO and CFO will change due to tech dominance in business also the role of the security officers and

We all know about the cold war period of geopolitical tension between the Soviet Union with its satellite states, and the United States with its allies after World War II (until 1989-1991). George Orwell used the term cold war in his essay “You and the Atomic Bomb” (published on 19 October 1945 in the British newspaper Tribune), contemplating “a world living in the shadow of the threat of nuclear warfare (a

Over the last seven years, our role as Chief Information Security Officer (CISO) has drastically changed. According to our Microsoft Outlook Analytics client, more than fifty percent of our mail is spam from cybersecurity suppliers, trying to grab our attention by selling fear, uncertainty and doubt (FUD). Over the last decade, we’ve seen this industry explode with self-proclaimed “cyber pros” and fuzzy vendors in the cyber domain. Is this because

Although information security has a long history, it wasn’t really top of mind of senior management, Board or other employees until late 2010s. A “security professional” became a real job and market demand has grown ever since. Awareness about security risks increased significantly. The thriving forces for this were major security breaches such as Snowden, NotPetja and WannaCry shocking the world, but also regulators demanding companies to protect their critical

Het belang van goede security wordt doorgaans alleen door harde lessen begrepen. Pas na een ramp beseffen mensen dat het verstandiger zou zijn geweest om vooruit te denken en in security te investeren. Keer op keer stellen naïevelingen zich bloot aan grote risico’s, om achteraf te erkennen dat veel schade voorkomen had kunnen worden door basale securitymaatregelen. In de huidige praktijk zijn beveiligingsverbeteringen vooral gericht op het implementeren van nieuwe

Why is it that CISOs have such a low retention in firms and leave after 1-2 years? Is this because recruiters and HR professionals find it hard to discover what is actually needed and “copy paste” function profiles with the exact same requirements, rather than looking at the real need in the organization: M&A strategy, family business, scale-up phase, consolidation, preparing for sales of the company, cultural differences etc.? The

With regard to privacy, regulators are licensed to impose fines on underperformers. Shouldn’t that also be the case with cyber risk in general? Somehow the ethics and economics of cyber risk follow a different path. The regulatory imperative that acts as an incentive for improvement in many sectors, seems to be non-existent when it comes to cyber risk. One might say that we need more incentives for maturing analysis of