Cybersecurity, Information Risk Management SOC it to Them – But make sure the fundamentals are in place first

Many organisations are cottoning on to the benefits of a Security Operations Center (SOC) when it comes to achieving effective enterprise-wide systems monitoring, incident detection and response...

Executive Management, Information Risk Management How to Get Business Managers On-side with Information Security and Cyber-risk

One of the biggest challenges facing Cyber Security staff is dealing with the misconceptions held by senior managers within an organisation. Many business managers have a misguided picture of information security and the possible consequences...

Cybersecurity, Information Risk Management What Can CISOs do to Mitigate Security Risks Posed by Third Party Suppliers?

In today’s hyper-connected digital age, it’s not unusual for medium to large-sized companies to have hundreds, or even thousands, of third-party suppliers. This can range from product suppliers, to billing processors, to cloud providers, and a variety of different services...

Company News CRMG Become CIISec Corporate Members

CIISec are delighted to welcome Cyber Risk Management Group (CRMG) as Corporate Members. CRMG is a leading provider of cyber security and information risk consultancy services and training courses...

Executive Management, Podcasts CRMG Podcast: Changing Senior Management’s Perception of Cybersecurity for the Better

We constantly hear “senior management ‘get it’” – but do they really? Senior management's awareness of information security and cyber threats is essential if security teams are to effectively mitigate against them...

Cybersecurity Prioritising Cyber Threats in 2020: Factors for success

In 2020, increased digital innovation is going to expand the threat landscape drastically, with the acceleration of technologies such as 5G, cloud and Internet of Things (IoT). This will lead to increased data creation, sharing and storage at a pace that is difficult for security teams to keep up with...

Executive Management, Podcasts Building a Business that Serves – Interview with Nick Frost

In this episode, I interview Nick Frost. Nick is the Co-Founder of CRMG and has been involved in Cyber Security for over 20 years. Prior to starting his own business, he has held leadership roles at PWC and other similar companies. He started his first company in 2015 and just started CRMG in 2018 with a colleague...

Information Risk Management Why Cloud Risk Will Raise Business Risk in 2020

Going into 2020, businesses are expected to continue the transition from on-premise to cloud. Many are increasingly adopting a cloud-first strategy, where, if possible, they will run their services on a cloud platform vs keeping them in a data center. And why not? The benefits of moving to the cloud are enormous and the list is long...

Company News Neil Ackerley Joins the CRMG Team as Principal Consultant

The Cyber Risk Management Group (CRMG) welcomes Neil Ackerley to the team as Principal Consultant. Neil will be working across multiple services from information risk management and risk assessments, to cyber security governance and CISO staff placements...

Information Risk Management, Podcasts CRMG Podcast: How to Manage Third Party Risk When you Have Thousands of Suppliers

Not so long ago, the idea of outsourcing critical business functions or IT systems to a third party supplier would have been off limits for many organisations because of the level of risk involved. However today, the use of third party suppliers has increased exponentially...

Cybersecurity Resilience: It’s not just about the technology

‘Cyber resilience’ seems to be something of a buzz phrase right now, with social media and vendor promotional material often mentioning the importance of resilience. Many conversations about resilience focus on the importance of strong, robust defences. However, are robust and strong defences really signs of resilience?...

Information Risk Management Risk in Retail: Staying on the right side of the headlines

In the last 30 years, the risk landscape has transformed significantly for retailers. Think back to the early 1980s.  There was no internet then. Every retailer had only on-site equipment, some of which would be in their own data centers or in a rack in a small room in their office buildings...

Information Risk Management, Podcasts CRMG Podcast: A Pragmatic Approach to Defining your Threat Profile

Organisations are facing new types of advanced persistent threat scenarios that current risk management programmes cannot defend against. To effectively counter threats, business leaders must have a...

Information Risk Management How to Make Sense of Risk Management in Cyber Security? Tip: Avoid gut instinct

You can't avoid risk management. It's just as fundamental to our business as it is to our lives. From checking an email address before sending sensitive documents, to looking left and right before crossing a road...

Cybersecurity Governance Chernobyl and its Cyber Lessons – Part 2

HBO’s recent ‘Chernobyl’ series, which re-told the story of the nuclear accident that threatened much of Europe in 1986, made for compelling viewing. The accident was said to have helped prompt the fall of the Eastern bloc and bring about a fundamental shift in global politics...

Cybersecurity Governance Chernobyl and its Cyber Lessons – Part 1

HBO’s recent ‘Chernobyl’ series, which re-told the story of the nuclear accident that threatened much of Europe in 1986, made for compelling viewing. The accident was said to have helped prompt the fall of the Eastern bloc and bring about a fundamental shift in global politics...

Executive Management, Information Risk Management The Challenges in Assessing Third-Party Cybersecurity Risk – A case study

Imagine this scenario: A CISO leading a cyber security department receives an urgent request from a senior executive.  The senior executive is getting ready to close a big deal with a third party...

Cybersecurity Governance, Executive Management Top Management and Cyber Security – Sometimes you just need a better strategy

As a CISO, you’re likely to have put forward many plans to improve the security posture for the users of your organisation.  Much of the time, you get Executive sign off and roll out whatever initiative it might be...

Cybersecurity Governance, Privacy & Data Protection How Can You Protect What You Don’t Know You Have?

On more than one occasion, I have stood before senior management and posed the question “what are your information assets?” – and in each case, they didn’t know...

Cybersecurity Governance, Executive Management Cyber Security: Often a case of ‘too much, too late’

We live in a new world where cybercrime is bigger business than the global drugs trade. Cybercriminals can be both targeted and indiscriminate. It’s a $2 trillion business. Worrying stuff.
