An ongoing battle in our house these days is whether the central heating needs to be turned on again.

It’s a constant discussion between adults who grew up in the Ireland of many years ago, and a younger individual who clearly believes he is living in the South of Spain.


What has this got to do with cyber security?

This stand-off does provide a way to explain some of the terminology used in the world of risk management and cyber security.

You may hear terms such as “security controls” or “measures”, or a debate about the relative effectiveness of “organisational controls” vs “technical controls”.

And if you’re lucky enough to work in a data protection role, you will know that Article 32 of GDPR talks about “appropriate technical and organisational measures”.


What do all these terms mean?

Well, in the context of our home heating stand-off:

  • An appropriate technical measure might be to set the thermostat so the house is kept at a comfortable temperature*.
  • And an appropriate organisational measure? Wear a jumper!


* And in the near future: when a certain individual figures out how to turn the thermostat up, I will be able to explain why it is so important to restrict ‘Privileged Access’.