8 items with this tag.
Writing on information security governance, risk management, and operational security in manufacturing
Sten Eikrem - Information Security & Cybersecurity Governance | Risk Management | IT/OT Security in Manufacturing
Every organisation has an ISMS. Most of them don't have a management system. Here's the difference, and why it matters under NIS2.
Most organisations start with standardised control catalogues and work backwards to justify coverage. Few start with business context, threat landscape, and actual vulnerabilities to determine which controls reduce risk and which waste resources.
A Norwegian court case delivers a €5.6 million lesson on business continuity, supplier management, and why manufacturing executives can't outsource operational accountability
Most security governance is theatre. Committees that rubber-stamp, decisions that decide nothing, metrics that measure activity not outcomes. Here's how to build governance that actually works.
Most cybersecurity incidents trace back to implicit risk acceptances hidden in everyday business choices. The hardest root causes to analyse are those buried in decisions we never understood we were making.
Threshold-based IR coverage, pre-approved suppliers, and using preventative services strategically