Information Risk Management

How should you cope with the never ending stream of security patches to ensure that priorities are adequately served?

What makes or breaks the effectiveness of an information security awareness programme?

How do you put a value on your business information assets, and why is this necessary for good risk management?

The rising cost of securing corporate information and increasing globalisation of business make return on investment a major consideration for security management.

Aspects of corporate culture can thwart the best attempts at information security, preventing it integrating into business operations. The consequence is superficial ‘security as an afterthought’.

A change of emphasis in information security is long overdue. IT security remains necessary but is no longer sufficient on its own to protect the globally connected enterprise.

A fundamental reason we find information security hard - we assign it less effort and attention than the adversary does.

A business-centric approach to information security risk assessment is essential if we hope to avoid getting bogged down in spurious detail and missing the wood for the trees.

A satirical look at the serious problem of losing corporate control over outsourced security services.

Comment on a well specified government cyber security challenge, the implementation of which, sadly, was vulnerable to elementary cheating.