
The Psychology of Cybersecurity: How Our Minds Distort Our Perception of Cyber Risk
When I attended the RSA conference in 2022, I tweeted about the intersection of psychology and cybersecurity. While most of the responses...


Webinar: The Board or Council's Role in Cyber Risk Management
The Board or Council's Role in Cyber Risk Management (encore performance, first presented at MISAC Conference October 2022 in Monterey,...

Prioritizing Cyber Risk Management: Prevention and Response to Incidents
Summary: This article discusses the complex question of whether having a cyber incident indicates a failure to evaluate and mitigate cyber...


Managing Cyber Risks in Local Government: The Need for Comprehensive Risk Management Programs
As the world continues to move towards digital government, there is a growing need to ensure that cybersecurity is adequately addressed....

The Importance of the CISO
A survey by ThreatTrack demonstrates that the role of CISO is misunderstood and underappreciated by C-Level peers. It seems business...


Cybersecurity Supporting Documentation
In previous posts, I outlined the required topics for cybersecurity policies and procedures. In...


Cybersecurity Procedure Coverage
In a previous post, I outlined the required topics for cybersecurity policies. In this post, I will cover the required procedures from...


Cybersecurity Policy Coverage
What topics need to be covered in cybersecurity policies? In this post, I will cover the required cybersecurity policies from various...

Who should set up access in the ERP (Financial Application)?
As an IT auditor for local governments, one of the most often asked questions I get during audits is this: “Who should set up user access...


What Should be in a Good Cybersecurity Policy
I often get called in to evaluate cybersecurity documentation, more specifically policies and procedures. One of the concerns is what to...