On the 22nd May 2021, President Joe Biden signed an executive order to improve the national cybersecurity posture. Section 2 of the Executive order was all about sharing threat and incident data between government and service providers. Section 3 takes Government Agency IT by the scruff of the neck and

I started off looking to write a summary of the Cyber Resilience Executive Order released on the 12th May 2021 by President Biden. Unfortunately, this is a must larger task than first envisaged. There is a huge amount of material condensed into a single document. The document is long and

The Institute for Security+Technology released a recommendations report on the 30th April 2021 with the help of a list of industry players, to try to stem the tsunami that is ransomware. The 81-page report says all the right kind of things, but the reader is left to wonder just how many Zoom

Sometimes the greatest lessons learnt are taken from the failures of others. This is likely to be the case with the BA GDPR fine, which landed on the BA HQ doormat on the 16th October 2020. After a year of negotiating and legal representations, the ICO in the UK finally issued

Companies often grapple with security frameworks as if it were a deeply theological question. Maybe you are a US multinational that has inherited NIST based controls but your clients want a certification of compliance which the NIST 800-53 cannot provide. Maybe you are an organisation who’s deeply technical experts reject

The Storting, the Norweigan Parliament, was targeted in a cyberattack in September 2020. Emails of MP’s and members of staff were hacked. Measures have been taken, and the incident reported to the police. Looking online for further information, what stands out is the uniformity of the response.

Norsk Hydro values of care courage and communication guiding company response to cyberattack

How do company values inspire your response? It went pear-shaped. Not sure exactly what happened, but a nasty message on screen, some speculation, and the decision to shut down. It may have had the urgency of “all the garbage mashers on the Detention Level”. Garmin India took the holding line

On July 19th 2020, Blackbaud Inc released a statement on a security incident that they had experienced. This incident resulted in a data breach of UK data associated with a number of UK Universities and a number of charity organisations. A full list of affected UK legal entities has not been disclosed