6 items with this tag.
Writing on information security governance, risk management, and operational security in manufacturing
Sten Eikrem - Information Security & Cybersecurity Governance | Risk Management | IT/OT Security in Manufacturing
Every organisation has an ISMS. Most of them don't have a management system. Here's the difference, and why it matters under NIS2.
Most security governance is theatre. Committees that rubber-stamp, decisions that decide nothing, metrics that measure activity not outcomes. Here's how to build governance that actually works.
Most cybersecurity incidents trace back to implicit risk acceptances hidden in everyday business choices. The hardest root causes to analyse are those buried in decisions we never understood we were making.
Threshold-based IR coverage, pre-approved suppliers, and using preventative services strategically