Cybersecurity is a technical topic. If technology is not your primary area of expertise, it can be difficult to assess how your firm's current security measures stack up. My Tri-State Assessment Matrix can help, as it avoids the techie speak and focuses on your gut feeling about three areas - technical defences; human defences; regulatory alignment. How these areas are currently positioned gives a strong indication about how IT security is being managed in your firm.
The four phases of the W4 Methodology - Where, What, Why, What (Now) - includes four clear milestones. Each milestone proves the progress you are making as you pragmatically move from your current situation to your desired future state.
IT projects and other planned changes frequently fail - They exceed budgets, timelines, or fail to deliver the expected benefits. It may not be a technology problem. It may be a people problem. And there could be a very rational reason for this problem that should have been considered from the start.
What was fit-for-purpose 3 years ago may no longer be fit for purpose now. We knew this when we were 8. Now that we are responsible for the success of our organisations, why have we forgotten this?
When people talk about 'risk', they usually think about 'likelihood'. But risk is not just about likelihood. It's also about impact. And when we think about impact, we start to pay attention.