How can the ISO 27001 framework be used to continuously improve the security level? In a previous article, we told you all about the new European NIS directive and Belgium's choice to use the ISO 27001 standard as a basis…
Category: Cyberrisk Management & Strategy
Nostalgie, nostalgie… rappelez-vous des organisations sécurité il y a 20 ans. Impossible de faire plus simple ! L’équipe « type » était composée d’une quinzaine de personnes au sein des opérations de la DSI, toutes passionnées de technique : ça causait nombre de VLAN, filtrage…
The cybersecurity topic requires involvement at all levels of the company, but also and above all with the executive committee! Obviously, management must be an example, but it will also decide on major investments and will know how to unlock…
Phishing, data leak, laptop or smartphone thefts, fake President… end-users are key actors in securing information systems. However, it is a difficult exercise to raise their awareness to security risk and to teach them good practices. Headache for CISOs, lack…
Security managers often bring us in to evaluate their cybersecurity maturity level. We help firms analyze the return on investment for cybersecurity, properly allocating the budget, comparing level of security to that of others in similar sectors or common standards,…
Find the entire story about the creation of TRUST in my first article. A campaign launch is all well, but how do you keep it going over time? The creation of TRUST was not an end in itself, but…
Retrouver toute l'histoire de la création de TRUST dans mon premier article. Un lancement de campagne c’est bien, mais comment tenir dans la durée ? La création de TRUST n’a pas été une finalité, mais un tremplin pour la…
A year ago, the idea of TRUST was born, the name of the new awareness program at Wavestone. My team and I spent a year thinking about and developing a whole new strategy to raise awareness among Wavestone employees.…
Let's not lie to ourselves: it sometimes feels like cybersecurity lives in a bubble. CISOs are fed up with benchmarks (10% of the IT budget, 1 FTE for 400 employees, etc.), leading them to multiply major investment programs, sometimes costing…
Le sujet de la cybersécurité requiert une implication à tous les niveaux de l’entreprise, mais aussi et surtout avec le comité exécutif ! Evidemment le management doit montrer l’exemple mais c’est aussi ce comité qui va décider des investissements majeurs…