Management of your assets is a very important element of your cyber protection. If you don't know what you've got, you don't know what to protect!
Managing users that need constant systems access is often a nightmare these days, as no one seems to have the resource to constantly check their authorisation status and level.
Training your people in what to look for in an attack, how they can be manipulated by social engineers, needs to be constantly cycled throughout your organisation.
I am a certified information security manager and ISO27001 lead auditor with over 14 years of experience in audit, governance, risk, compliance and operational security.
Throughout this site, there is information that directs you to my skill areas, and should help to guide you to information relevant to my specialisation, availability and preferred working patterns.
I have taken a break from the workplace since September 2023, and am now ready to recommence my career in whatever area(s) you may see me working in; or as an information security management all-rounder, taking stock of your information security programme. There is information in this site detailing the methodology behind what I can do for you. Why not contact me - you've nothing to lose!
Management of risks should be at the heart of your information security programme. Without risk management you will be unable to assess your current and desired security states
Preparing for an incident isn't something that might happen - it will happen (your threat intelligence will tell you that). Prepare for it as a collaborative business activity, and you will be more prepared.
Your information security programme, and attached projects will be the enabler for your information & cyber security maturity going forward. You should commission an information security strategy, and stick to it.