Tag: security-governance

Portfolio

Security governance portfolio organised around core ISMS capabilities, a management system that delivers value beyond the compliance certificate

System Security Concepts

A 7-article series on implementing systematic security documentation within ISMS frameworks, from foundational concepts to practical implementation templates

Welcome

Sten Eikrem - Information Security & Cybersecurity Governance | Risk Management | IT/OT Security in Manufacturing

The ISMS beyond the certificate

Every organisation has an ISMS. Most of them don't have a management system. Here's the difference, and why it matters under NIS2.

Security concepts: bridging the gap between risk and reality

Without understanding the full system context, risk assessments default to compliance control catalogue validation. Security concepts, widely used in military classified systems, offer a better path.

System Security Concepts - The foundation of security governance

Core Components - What Makes a Security Concept Effective

The Living Document - Lifecycle and Change Management

Implementation Guide - Templates, Tools, and Getting Started

Governance that actually governs

Most security governance is theatre. Committees that rubber-stamp, decisions that decide nothing, metrics that measure activity not outcomes. Here's how to build governance that actually works.