The Golden Security Circle

Our second blog on management models applicable for Digital Security is all about creating a compelling vision. Introduction: A common practice in Digital Security is to improve the level of security by implementing a framework (e.g., ISO 27001/2, ISF, COBIT, NIST, etc.). Deficiencies in compliance with these frameworks are then defined and improvements can be executed. These improvements are defined in a security plan, which is sometimes misnamed as a security strategy.

Porter’s 5 Forces Elements for a Digital Security Strategy

Over the years we learned that other management models outside the digital security profession are relevant for digital security. In the coming three blogs, we will present three examples of management models pertaining to Digital Security. This is the first of this trilogy. Introduction: Hackers and negative (social) media hypes have proven able to bring proud organizations to their knees, yet many information security managers and CISOs lack a strategy

To Really Know Your Enemy

There is a saying by Sun Tzu in The Art of War in which he states, “If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained, you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.” Also, in the book About Face by

Cultural Legacy is blocking the CISO breakthrough

The field of the Chief Information Security Officer (CISO) is undergoing a development similar to the route taken by the CFO position in the past. The work of both officers is not essentially different; only the instruments differ. The CFO wants to obtain financial assurance, but also wants to save costs on all kinds of inefficient finance processes. You see exactly the same thing happening with information security. With the

Emerging roles in Digital Security

We want to feel safe in this brave (and scary) new world we’re creating of machines, robots and artificial intelligence. Technological and political trends will definitely influence our profession. This new world will call for new jobs with new skillsets that address the future challenges ahead. Not only will the roles of CEO and CFO change due to the dominance of technology in business, but also the role of the security officers and

Ending the cold war in cybersecurity

We all know about the cold war period of geopolitical tension between the Soviet Union with its satellite states, and the United States with its allies after World War II (until 1989-1991). George Orwell used the term cold war in his essay “You and the Atomic Bomb” (published on 19 October 1945 in the British newspaper Tribune), contemplating “a world living in the shadow of the threat of nuclear warfare (a

Get the biggest bang for your security buck

Over the last seven years, our role as Chief Information Security Officer (CISO) has drastically changed. According to our Microsoft Outlook Analytics client, more than fifty percent of our mail is spam from cybersecurity suppliers, trying to grab our attention by selling fear, uncertainty and doubt (FUD). Over the last decade, we’ve seen this industry explode with self-proclaimed “cyber pros” and fuzzy vendors in the cyber domain. Is this because

Is Digital Security a market for lemons?

Although information security has a long history, it wasn’t really top of mind for senior management, the Board or other employees until the late 2010s. “Security professional” became a real job and market demand has grown ever since. Awareness about security risks increased significantly. The driving forces for this were major security incidents such as Snowden, NotPetya and WannaCry shocking the world, but also regulators demanding that companies protect their critical

The silent enemy in cybersecurity

The importance of good security is usually understood only through hard lessons. Only after a disaster do people realize that it would have been wiser to think ahead and invest in security. Time and again, the naive expose themselves to major risks, only to acknowledge afterwards that much of the damage could have been prevented by basic security measures. In current practice, security improvements are mainly focused on implementing new

Which of these 4 CISO archetypes do you deserve?

Why is it that CISOs have such low retention in firms and leave after 1-2 years? Is this because recruiters and HR professionals find it hard to discover what is actually needed and “copy-paste” job profiles with the exact same requirements, rather than looking at the real need in the organization: M&A strategy, family business, scale-up phase, consolidation, preparing for the sale of the company, cultural differences, etc.? The