Having completed and submitted our bids yesterday, it's back to the day-job today, picking up where we left off the workplace information security awareness module.
Well it would be noses-to-the-grindstone ... except MS Office is playing up for no obvious reason, so I sit here watching the clock tick while it reinstalls, again, idly wondering why an organization the size of Micro$oft can't be bothered to put enough resources and effort into sorting out its numerous information security and quality problems properly, for once ... and so here I am an hour and much frustration later. It seems to be running, for now, sort-of: Outlook still tells me it isn't activated while the Office365 online site says "We’re still setting a few things up, but feel free to get started" (thanks a bunch: it was working until you screwed it up, M$). No clue what was wrong with it - lack of oomph in the dilithium crystals or something. Given how keen M$ is to charge us, perhaps we should send them an invoice for my wasted hour - just another in a long long run and I'm SURE it won't be the last.
Sorry, rant over.
As I was saying, the awareness module is coming along. Given the diverse nature of the modern workplace, the information risks and associated security controls are equally diverse, hence in some ways the module is losing focus - and yet that very diversity, along with the evolution of "work", presents challenges worth exploring. As I said the other day, workers are increasingly mobile while work of all kinds is increasingly IT-enabled, so the traditional emphasis on physical office security is becoming less relevant. Simply figuring out what the organization's information assets are, plus relevant third party information assets (not least BYOD and IoT things) plus where they are located, is hard enough even before we get down to assessing and deciding what to do about the information risks.