As a security executive, I often find myself troubled about the lack of cyber risk understanding in companies' executive management. I may be wrong, but apparently not very much. Lately, the voices calling for proper cyber security risk governance at the board level are getting louder, and are coming from multiple sources, including the US Security and Exchanges Committee.
9th Information Security Conference - Greece
Posted on Tuesday, 29th of March 2022 • presentations • permanent link • Read time: 3 minutes

Three years after my last appearance at a conference due to COVID-19 lockdowns, I was invited to present at the 9th Information Security Conference in Greece. The conference theme was Enabling a Secure Future: Managing Risks in a Constantly Changing World. The conference was virtual / online and was held on the 17th of February, 2022.
How to budget for security?
Posted on Friday, 8th of November 2019 • management • permanent link • Read time: 6 minutes

I often get into discussions about budgets and how much a company should invest in its security program. There is no easy answer because the problem we are trying to solve has many unknowns.
There are many ways one may address this question, the main one being a rule of thumb.
To cyber-insure or not?
Posted on Tuesday, 4th of December 2018 • security • permanent link • Read time: 4 minutes

Professional liability insurance has been around for a long time. It is not a surprise that Cyber Insurance is becoming a trend lately, considering the constantly rising number of security breaches. The post in one sentence: Cyber insurance is a good thing but be careful what you wish for.