Showing posts from October, 2022

Threat is ...

... "any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service" [source: NIST SP800-30r1] ... "a person, situation or event (whether deliberate or accidental, targeted or generic in nature) that is hazardous or dangerous, capable of causing an information security incident" [source: SecAware glossary] ... "potential cause of an unwanted incident, which can result in harm to a system or organization" [source: ISO/IEC 27000:2018] ... a competitor's unexpected shift of tactics ... an ominous promise to cause harm ... an accident waiting to happen ... the cause of a really bad day ... nature red in tooth and claw ... storm clouds on the horizon .....

'Breach cost per record' metric - BUSTED

Finally! Data in a report by Cyentia confirms my bias!

Oversight is ...

... "various forms of supervision and inspection used to ensure that important information security activities and controls are operating properly, and to identify any anomalies" [source: SecAware glossary] ... "forgetfulness, carelessness, neglect or incompetence, typically leading to errors, omissions and other information security incidents" [source: SecAware glossary] ... absent from ISO/IEC 27002 except for one measly mention (clause 5.16) ... maintaining a watching brief ... an opportunity to review ... the four eyes principle ... the act of overseeing ... the prompt to revisit ... keeping a close eye ... hands off, eyes on ... something missed ... a sign of distrust ... an opportunity ... a vulnerability ... a sign of trust ... incompetence ... management ... carelessness ... an omission ... an accident ... an override ... supervision ... inspection ... ineptitude ... a problem ... assurance ... a mistake ... authority ... guidance ... a control ... che...

Assurance is ...

... "provision of a certain level of trust, confidence, confirmation or proof of something, typically by reviewing, checking, testing, certified compliance or auditing it" [source: SecAware glossary] ... knowing when to stop climbing the ladder ... the absence of anxiety and doubt ... a necessary part of management ... the result of testing - pass or fail ... swimming out of the shark cage ... an integral governance function ... stepping into the shark cage ... packing your own parachute ... a friendly hand reaching out ... engineering the shark cage ... an underappreciated goal ... an undervalued objective ... certifying the shark cage ... welding the shark cage ... confidence in another ... an independent view ... holding all the cards ... a measure of power ... plausible deniability ... taking a space walk ... stacking the deck ... hitting the mark ... being confident ... a winning hand ... self-confidence ... not insurance ... being certain ... confirmatory ... bearing ...

Security awareness month

Since October is cybersecurity awareness month in the USA, we've seized the opportunity to update SecAware.com with additional information on our security awareness material. SecAware's information security awareness modules explore a deliberately wide variety of individual topics in some depth:

Under starter's orders

Like an expectant father, I've been anxiously filling in time before the publication of ISO/IEC 27001:2022, due any day now. Today, I completed the tedious process of reviewing/updating all our information security policy templates for SecAware.com.

ISO/IEC 27001:2013 --> 2022 transition

SEE UPDATE 19th Feb 2023. The third edition of ISO/IEC 27001 will have a few changes in the main body text and a complete replacement for Annex A based on ISO/IEC 27002:2022. The transition arrangements are still uncertain but this is my understanding at this point:

Audit is ...

... "a structured assurance process of examination, review, assessment, testing and reporting by one or more competent and trusted people who – crucially – are independent of the subject area being audited" [source: SecAware glossary] ... senior management's not-so-secret weapon ... how to use friends and influence people ... how to lose friends and alienate people ... proof that management distrusts us ... where failed accountants go to die ... seeing things through fresh eyes ... a massive and unnecessary cost ... "Go ahead punk, make my day" ... derived from the Latin audio ... forever re-opening old sores ... like a bear with a sore head ... the skin-hardening function ... watching your every move ... dependent on information ... bayonetting the wounded ... the bottom of the barrel ... the third line of defence ... something best avoided ... always late to the party ... policies and procedures ... asking dumb questions ... lurking in the shadows ... a gove...

Trust is ...

... "a relatively weak but commonplace information security control in which supposedly trustworthy people, systems, programs, functions, organisations etc. are expected, anticipated or to various extents required to behave predictably, appropriately, responsibly, ethically and in the trusting party's best interests." [source: SecAware glossary] ... a "relationship between two entities and/or elements, consisting of a set of activities and a security policy in which element x trusts element y if and only if x has confidence that y will behave in a well-defined way (with respect to the activities) that does not violate the given security policy" [source: ISO/IEC 27036-1] ... "a belief that an entity meets certain expectations, and therefore, can be relied upon" [source: NIST SP800-160v1r1] ... placing your fortunes in someone else's hands ... built on a base of trustworthiness ... key to strong relationships ... ceding control to another ... a sh...

Guiding the helmsman

Every so often, I find myself working with clients that "get it" - not just the individual people I'm collaborating with, nor even their functions/departments: I'm talking about entire organisations with a cadre of supportive and enthusiastic managers who understand and appreciate the genuine business value of sound information risk management. It's a real pleasure for me, a welcome relief from the usual slog.