7 items with this tag.
Writing on information security governance, risk management, and operational security in manufacturing
Sten Eikrem - Information Security & Cybersecurity Governance | Risk Management | IT/OT Security in Industry and Energy
Most projects treat security as a late-stage constraint. The system security concept, aligned to buy-build-run phases, makes it a business input from the start.
Every organisation has an ISMS. Most of them don't have a management system. Here's the difference, and why it matters under NIS2.
Most security governance is theatre. Committees that rubber-stamp, decisions that decide nothing, metrics that measure activity not outcomes. Here's how to build governance that actually works.
Most cybersecurity incidents trace back to implicit risk acceptances hidden in everyday business choices. The hardest root causes to analyse are those buried in decisions we never understood we were making.
Threshold-based IR coverage, pre-approved suppliers, and using preventative services strategically