Posts

Showing posts from January, 2012

BYOD security awareness

“Bring Your Own Device” (BYOD) - corporations allowing employees to use their personally-owned ICT gadgets for work - is a hot topic. BYOD started appearing in the computer press about a year ago. Now it seems to be on everybody’s watch list for 2012, the benefits for both employers and employees making this a trend that’s hard to ignore. While researching BYOD security for February's security awareness module, I have read a lot of glib statements in the security press, a fair number of scare-stories and lots of marketing drivel from vendors desperate to steer the PR bandwagon in their general direction. Several journalists recommend “a BYOD policy”, for instance, but actually finding BYOD policy examples on the Web proved virtually impossible. Along with the usual mind maps, developing the risk-control spectrum diagram above helped me get my thoughts in order, and provides a useful structure for one of the three seminar pr...

Oxfam report on disasters

A little gem of a report from Oxfam examines trends in natural disasters over the past few decades. A substantial increase in the number of disasters largely reflects a significant increase in the number of floods. The trend is marked and easy to see since the 1990s. The report's conclusion brings up the issue of country governance: "Countries with better governance are less vulnerable to natural hazards, which implies that securing increased standards of governance could help to mitigate future increases in exposure and hazards." Though the report stops there, I would be utterly amazed if the same was not equally valid at the level of corporations and corporate governance - in other words: Corporations with better governance are less vulnerable to natural hazards, which implies that securing increased standards of governance could help to mitigate future increases in exposure and hazards. So ... just how good are your business continuity and disaster response arrange...

Keep calm and carry on

Happy new year everyone. The monthly NoticeBored security awareness deliveries continue with the release of a thoroughly updated and refreshed module on business continuity management. Do you like the new graphic? It's even more impressive as a poster-sized image! We started researching and planning this module around ISO/IEC 27002’s coverage of business continuity management, and ended up going well beyond what the standard advises. In our opinion, the standard focuses rather myopically on disaster recovery, largely neglecting other equally significant business continuity controls such as disaster avoidance, resilience and contingency. It talks about business continuity planning and testing the plans, but hardly mentions business continuity preparations and exercises. Resilience, being the ability to keep critical business processes running right through a disaster, is an important organizational ...