24 Mar 2017

NBlog March 24

Progress!  The staff seminar quickly spawned a management seminar with a few content changes to suit a different audience with different interests and concerns.

We've picked up on cloud computing, for example, an innovation with strong security implications. Cloud computing is of limited relevance to staff but is of interest to managers in organizations that have it in use already, whether or not they explicitly sanctioned it as a corporate initiative. Given the headlong rush to get into the cloud, are the associated information risks and opportunities being professionally managed, alongside the technology, commercial and other aspects? Raising management's appreciation of the typical concerns in this area is a valuable outcome of the awareness program, compared to the alternative i.e. ignorance, perhaps even reckless abandon!

The commercial aspects of innovation are also of direct interest to management. This includes the proliferation of dark-side services supporting criminal enterprise, such as money laundering, botnet rental and so on. So long as ransomware, identity theft, intellectual property theft and online bank heists continue making cybercriminals rich, they can afford to continue investing in the dark side services and infrastructure - in other words the threats and hence the risks are increasing.

Given the title, a newly published IT vendor report on 'securing innovation' looked promising. It provided a couple of useful quotes although, as is so often the way, a strong bias towards the vendor's own products and a myopic focus on IT rather than information, meant we couldn't make full use of it.

We're also making progress on the professionals' seminar. Blockchain and DevOps are two tech innovations to bring up there - just a high level slide on each. After all, this is 'just' security awareness, not tech training!

Although with just a week left until the end of the month there aren't many dark as in completed ticks on the tick-sheet above, most items are now in progress. The 3 sets of seminar slides and speaker notes will form the basis for the accompanying briefing papers, for example, with extra diagrams, press clippings and a few more words of explanation here and there. 


