COVID-19 Will Change Forever How We Look at Business Continuity / Crisis Management

The effects of COVID-19 on businesses are already unprecedented. It’s also going to get worse before it gets better, and I don’t just mean the ridiculous demand for toilet roll. While I am not very good at thinking in ‘futuristic’ terms, even I already know that the businesses that manage to survive will have no choice but to fundamentally change how they do what they do.

Permanently.


Running Marathons: The Perfect Cybersecurity Analogy

What follows is an analogy that I have been meaning to write for years, but, like all great procrastinators, I let life get in the way.

Be warned however, I have taken significant ‘poetic licence’, and generalised outrageously, so don’t be too upset with the glaring ‘plot’ holes. I have also written this from the perspective of my own experience running, not from a true runner’s perspective. Anyway, I’m still faffing…


Getting from 'Paper' Policies to Regulatory Compliance

I have lost count of the number of times I have stated the equivalent of: “Without good policies you’ll never have real security.” Then again, security is what I do for a living, so it’s obvious to me, but clearly it’s not obvious to the thousands of organisations who think policies are just pieces of paper you use to tick a compliance box.

Then it occurred to me that maybe organisations just don’t know how to take a policy and turn it into something that can be used to both demonstrate and validate adherence to a regulatory compliance regime such as GDPR or PCI. Or perhaps just as importantly, pass a due diligence audit for a potentially huge client.


The Rise of the Breach Response Specialist

It was not that long ago that the most senior security incumbent at the time of a data breach was not only fired ignominiously, but torn to shreds by his/her ‘peers’ as being anything from unqualified, to incompetent, to grossly negligent.

They became nothing short of pariahs.

The vestiges of this ridiculous practice are still rife (take BA for example), but things are changing, and we all have a Recital to thank for it:


[SELF-PROMOTION] New Core Concept Security Website

After 6 years of faffing around, my Core Concept Security website is finally up and running! Click here: https://coreconceptsecurity.com


It’s very basic, so I should be grateful for your comments / suggestions on improvement.

Many thanks,

David