Welcome to my blog. Here I will share my thoughts on Information Security, and my particular slant on it - implementing genuinely practical controls.
Too often security measures are conceived in ivory towers and placed on virtual "shelves" to gather dust and please a passing auditor or tick a compliance box.
To really improve security all controls must take care of the Human element, be practical and really impact positively on day to day operations, be valued by individuals and championed by Managers.
A control that adds business value is one that will be operated effectively. Let's discuss that.