When building your Information Security Management System (ISMS) as part of ISO 27001 program implementation one of the most important elements of the system of management for your security program is ensuring all stakeholders understand their roles and responsibilities. (If you are unfamiliar with ISO 27001 and the “ISMS” you can read our whitepaper on[…]
My business partner and co-founder at risk3sixty, Christian White (CW), is a West Point graduate and former Ranger-qualified Captain in the U.S. Army. He served under some amazing leaders (like Rob Campbell who wrote a book about leadership called “It’s Personal not Personnel“) and had the opportunity to lead and develop hundreds of men and[…]
Windows Servers are practically irresistible to hackers everywhere. This makes the lone Windows Server a perfect candidate for a honeypot. In this post we explore how to use a Windows Server to divert a hacker’s attention from what matters than by giving them what they think is an easy win!
Developing a cyber security baseline can be daunting. Oftentimes the burden falls on the Chief Information Officer or Chief Technology Officer. Before implementing any tool or assessments, management should establish a security baseline.
Business boils down to one thing: People People are the most challenging (and rewarding) part of a successful business. And I mean the full lifecycle of employee experience. You have to do a great job recruiting, making hiring decisions, then training people better than anyone else, creating a culture where people want to stay,[…]
I just finished the book “GRIT: The Power of Passion and Perseverance” by Angela Duckworth. Duckworth is a professor at the University of Pennsylvania and has studied Grit in the context of success for over a decade. The results of her studies: Grit matters. Instinctively, when I speak with leaders of organizations they know that[…]
I recently finished the book “Traction” by Gino Wickman. Next to Scaling-Up by Verne Harnish, I think it is one of the most actionable business books I’ve ever read. Our team has informally adopted both books as part of the risk3sixty cannon. While the book is largely about building a great running business – I[…]
Mention “Risk Committee” or “Enterprise Risk” to upper management and you will probably get an eye role. If you suggest a standing meeting about risk – it might get you fired. BUT – I believe the risk committee meeting can be the most valuable meeting on your calendar. Here’s how: Why Risk Committee Meetings Are[…]
Most executives realize that information security (and cybersecurity) is a rising threat within their organization. This is the new normal in the digital economy. As result information security professionals that used to be viewed as technical practitioners are finding seats at the executive table and at with the board of directors. The problem for most[…]
“Managing the Professional Services Firm” by David Maister is considered to be “core canon” among consulting professionals. Though it was originally published over 25 years ago (1993) it has aged gracefully and almost all of its content is still relevant today. One of our team’s favorite distinction, as pointed out by Maister, is the difference[…]