10 items with this tag.
Writing on information security governance, risk management, and operational security in manufacturing
Sten Eikrem - Information Security & Cybersecurity Governance | Risk Management | IT/OT Security in Industry and Energy
Most organisations confuse risk appetite with risk tolerance. Between the two sits governance, and almost nobody manages that gap. Here is why it stays open.
Most projects treat security as a late-stage constraint. The system security concept, aligned to buy-build-run phases, makes it a business input from the start.
Every organisation has an ISMS. Most of them don't have a management system. Here's the difference, and why it matters under NIS2.
Most organisations start with standardised control catalogues and work backwards to justify coverage. Few start with business context, threat landscape, and actual vulnerabilities to determine which controls reduce risk and which waste resources.
A Norwegian court case delivers a €5.6 million lesson on business continuity, supplier management, and why manufacturing executives can't outsource operational accountability.
Most security governance is theatre. Committees that rubber-stamp, decisions that decide nothing, metrics that measure activity not outcomes. Here's how to build governance that actually works.
Most cybersecurity incidents trace back to implicit risk acceptances hidden in everyday business choices. The hardest root causes to analyse are those buried in decisions we never understood we were making.
Threshold-based IR coverage, pre-approved suppliers, and the strategic use of preventative services.