Risk Management Archives - Page 2 of 5

Rapid Reaction: A Series on Incident Management and Response

By Jim, on 14 October, 2016

This is the first in a series of articles that aim to help organisations build and maintain their information security incident management and response capability.

With the exception of a few organisations, it seems that the effort put into establishing an information security incident management and response capability is limited to developing a documented process. Most do the bare minimum required to tick the “has an incident response process” box, with little to no regard about how effective the process is. That’s why very few organisations actually detect information security (or cyber security if you prefer) incidents in a timely manner, and fewer still are able to handle and resolve them in an efficient and effect way to minimise the impact.
Read More

There is still only one way to eliminate risk

By Jim, on 6 May, 2016

This is not a new post, I originally wrote and published it nearly six years ago. However, based on a number of discussions I have been party to over the last few weeks, not much has changed since it was published so I thought I would repost it as a prologue for a new series of blog posts about risk, risk assessment and risk management.

CASBs – The Emperor’s New Clothes?

By Jim, on 2 March, 2016

It seems that Fear Uncertainty and Doubt (FUD) will always be used to sell products that no-one needs to solve problems that no one really has.

Risky Business

By Jim, on 28 January, 2016

There is a significant focus within government agencies on the management of risks associated with the adoption of cloud services. This is to be expected as the general perception is that the “cloud” is risky and that adopting cloud services could result in bad outcomes.

Compliance, a way to provide clients with the assurance that you can safeguard their information

By Jim, on 27 March, 2015

Perform a search on compliance and you will find that there are many definitions. People have a slightly different view of what compliance means and what is included or not. In general, compliance means conforming, satisfying or adhering to a rule. This rule can be a specification, a policy, a standard, a law, a procedure or a requirement.

Are Smart Meters really collecting ‘torrents’ of Personal Information?

By Michael, on 19 February, 2015

Last week the Dominion Post published a front-page article stating that the Office of the Privacy Commissioner (OPC) had found that smart meters were collecting a “torrent of personal information”. It appears that the media relishes creating hysteria about privacy in the hope that we all beat a retreat from digital-enabled age because our personal information is being ‘stolen’ by corporate businesses and government agencies.

The Blog

Category: Risk Management