When it comes to leveraging your cyber resources, it is important not to forget the technology. However, the key point to make here is: do not simply continue to do what you have always done. That can just lead to “busy work”, and essentially you can’t solve all the problems in security just by employing technology, no matter how state of the art it is. The security field is one that is ripe for greater adoption of technology tools to magnify the abilities of security teams.
Cyber security resources are in high demand. The challenge for organisations is that there is a shortage of the right kinds of resources for security roles. In this new series of blogs I examine the reasons for the growth in cyber roles and the rise of co-sourcing as a preferred option for today’s CIOs. Before I do that, let’s start with some startling stats:
It’s that time of year again when those with budget responsibility are being asked to submit their final numbers. With this in mind, it is worth remembering that of all the areas up for review by the Board, IT will often be the most hefty. IT is (or should be) a strategic asset, servicing the business and helping it meet its strategic and tactical objectives and revenue targets. The challenge is to ensure that IT and business budgets are aligned. In some organisations this communication is only done when the budgets are being finalised.
Change is coming to the London insurance market but not everyone is receptive to uncertainty and the unknown. How do change management professionals bring on board people that are affected by change that may not always be in their own individual interests?
This is my last blog in the recent series I have been writing about the Protect part of the NIST cybersecurity framework. So far in this series I have covered Access Control; Awareness and Training; Data Security; Information Protection Processes and Procedures. This concluding blog focuses on Protective Technology.
VUCA was introduced by the U.S. Army War College to describe the more Volatile, Uncertain, Complex and Ambiguous multilateral world which resulted from the end of the Cold War. The common usage of the term VUCA began in the 1990s and derives from military vocabulary. It has been subsequently used in emerging ideas in strategic leadership that apply in a wide range of organisations, including everything from for-profit corporations to education. VUCA is moving into the business environment, which includes, of course, insurance and financial services.
Thank you for reading my latest blog on NIST standards and the Protect function. In this blog I will look at how Data Security falls under the Protect function. User access control starts the ball rolling on this, so it’s all about knowing what the criticality and sensitivity of your data is. Assess your data’s criticality to the business. Know what your data assets are.
In my last blog I outlined a number of questions that all came up at a recent breakfast seminar I led where all the participants discussed the complexities of solving tame, crisis and wicked problems and the VUCA (Volatility, Uncertainty, Complexity and Ambiguity) approach for general conditions and solutions.
In my last blog I examined the NIST Framework Protect function and what that means for organisations, their IT teams, Chief Risk Officers and the C-suite. In this week’s blog I examine how Awareness and training form a major pillar of the Protect function.
It is fairly safe to say that we live in interesting times. More than that, we live in rapidly changing times. All Change Management professionals and Project Management Office teams are asking themselves the same questions. How can we keep pace with rapid business transformation, tectonic shifts in the economic and finance environment (starting in the UK post Brexit) and almost bewildering societal change? These questions all came up at a recent breakfast seminar I led where our panel of change management experts and audience of insurance sector participants discussed the complexities of solving tame, crisis and wicked problems and the VUCA (Volatility, Uncertainty, Complexity and Ambiguity) approach for general conditions and solutions.
In this series of blogs I will examine the Protect function and what that means for organisations, their IT teams, Chief Risk Officers and the C-suite. It is important to develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services. The Protect Function supports the ability to limit or contain the impact of a potential cyber security event. Examples of outcome Categories within this Function include: Access Control; Awareness and Training; Data Security; Information Protection Processes and Procedures; Maintenance; and Protective Technology. So what is access control?
Over the past quarter century it has become easier and relatively cheaper for businesses to develop resilient IT infrastructures with breakthrough technologies. Most industry leading service providers have taken to cloud solutions, some offering core business IT solutions “as a Service”.
Underwriters, brokers, and reinsurers face a range of cyber threats. No insurance company wants to pay a fraudulent claim, no broker wants to be leaking personal data, no reinsurer wants to be paying a reinsurance claim where there is the right information or the cedant is waiting to receive the pay-out – but there are plausible scenarios where hackers might be one step ahead. Imagine a scenario where there is a major “big ticket” claim that is being processed, an incident like the Costa Concordia, for example.
The cyber threat is not just external. Do not assume that once a visitor walks through the front door of the building they are neutral. I have seen cases where a visitor comes in for a meeting with a company only to leave a USB thumb drive with a virus or key logging software, which takes individual key presses and transmits them to a server on the outside. As a result, every time an employee logs in with her user ID, her password can be captured.