What does it take?

I wasn't going to blog about Carphone Warehouse being fined £400k by the ICO for a breach, because boring-boring-you've-done-this-before, but then I couldn't help myself. Carphone's offence? A data breach. Resulting from poor maintenance of cyber security on an internet-facing webserver. You remember TalkTalk? They were fined £400,000 just over a year ago. For a …

The importance of governance – a dozen good questions you should ask your Board

Information security is a Board issue. Not everyone seems to appreciate this, and one of the more disheartening aspects of my day job is how hard it is to get senior execs to take the time to have security awareness training and engage with security policy. Why is it a Board issue? Firstly because directors …

What’s worse – poor security or poor communications?

The TalkTalk saga grinds on. It’s abundantly clear that their security was inadequate. Even their CEO admits it, although she’s determinedly clinging on to her job – presumably some poor sucker in IT will eventually carry the can. After all, that’s what happened at Target. What’s interesting is not so much that they were hacked, …

Non-exec? Are you asking the right questions?

A non-exec directorship might (unfairly) be seen as a sinecure – a reward for a career’s accomplishments – combining a comfortable stipend with a light workload and the occasional decent lunch. Once upon a time this might well have had some truth to it, but the winds of change have long blown through the boardroom, …