Credit union’s IT migration causes an outage.

A recent outage at an Irish credit union that impacted 50,000 customers reminds us that Op Resilience isn’t just about IT security risks.

Sam Glynn2024-02-06T07:18:56+00:00February 5, 2024|Tags: accountability, board of directors, business continuity, central bank, daily, incident response, operational resilience, regulators, regulatory compliance, risk management, senior executives, service provider, third party risk management|

Cyber 3-2-1: Questions for board members, your CISO ain’t a CISO, and iPhone security for sober people.

Cyber 3-2-1: Where to look if you need to ask intelligent questions about cyber security, your CISO is really an ISM, and iPhone security for sober people.

Sam Glynn2024-02-04T10:04:58+00:00February 4, 2024|Tags: accountability, apple, assessment, board of directors, cyber321, regulatory compliance, risk management, senior executives, service provider, staff awareness, supply chain risk, third party risk management|

What has St Brigid got to do with DORA?

It’s time for some spring cleaning. So, dust off your contracts because DORA is coming.

Sam Glynn2024-02-01T07:56:29+00:00February 1, 2024|Tags: daily, dora, image, regulatory compliance, risk management, service provider, third party risk management, whathasthisgottodowithcyber|

Incident Response is not about the technical response.

A recent ransomware attack shows the SEC filing deadline is starting to bite.

Sam Glynn2024-01-25T08:56:15+00:00January 25, 2024|Tags: daily, incident response, ransomware, regulators, regulatory compliance, SEC|

Cyber 3-2-1: Dry January, JPMorgan, and DORA technical standards

Cyber 3-2-1: Why Dry January was never going to work, what 45 billion attacks tells us about JPMorgan’s cyber security, and why we need to stop worrying about zero days.

Sam Glynn2024-01-21T10:18:02+00:00January 21, 2024|Tags: accountability, cyber321, dora, incident response, regulators, regulatory compliance, risk management, senior executives, software updates, supply chain risk, third party risk management|

Cyber 3-2-1: Backups, doorways, and DORA

Cyber 3-2-1: Reminders about why backups are so valuable, why there are more doorways into your systems than you think, and why the pain of DORA will be worth it.

Sam Glynn2023-12-03T13:07:51+00:00December 3, 2023|Tags: backups, business continuity, cyber321, dora, Google Workspace, microsoft 365, operational resilience, ransomware, regulatory compliance, service provider, supply chain risk, third party risk management|

IRS: What does reasonable security look like?

How to figure out what IRS (Implementing Reasonable Security) looks like for your organisation.

Sam Glynn2023-11-30T17:30:17+00:00November 29, 2023|Tags: accountability, board of directors, central bank, daily, dora, dpc, gdpr, iaf, NIST, regulators, regulatory compliance, risk management, senior executives|

DORA + SEAR + IAF = IRS

DORA; SEAR; IAF. Lots of acronyms. But the only one that matters is IRS.

Sam Glynn2023-11-27T10:05:19+00:00November 27, 2023|Tags: accountability, assessment, board of directors, central bank, daily, dora, iaf, regulators, regulatory compliance, sear, senior executives, whathasthisgottodowithcyber|

Cyber 3-2-1: What the world of cyber security could tell us about the Individual Accountability Framework.

Cyber 3-2-1: What the world of cyber security can tell us about the Individual Accountability Framework, and why CISO may stand for ‘Career is Sadly Over’.

Sam Glynn2023-11-16T08:19:11+00:00November 17, 2023|Tags: accountability, board of directors, central bank, cyber321, iaf, regulators, regulatory compliance, senior executives|

What has the Individual Accountability Framework (IAF) got to do with cyber security?

DORA is not what is keeping compliance professionals up at night.

Sam Glynn2023-11-15T10:20:33+00:00November 15, 2023|Tags: accountability, board of directors, central bank, daily, dora, iaf, regulators, regulatory compliance, risk management, senior executives, whathasthisgottodowithcyber|