The aim of this site is to discuss and explain information risk, security and audit issues from a business perspective, and  – through pursing my own understanding – to help others to understand as well.

It’s not a technical blog – so many sites out there do that brilliantly. My aim is to apply knowledge to events in order to facilitate understanding, rather sharing knowledge in itself.

This site aims to:

• be part of the conversation for other information risk professionals
• be of value to those working in related roles, such as operational and finance auditors who need to understand how to manage and mitigate information risk
• by focussing on business rather than technology, help senior decision makers understand and evaluate the issues they face.

I’m a former IT auditor now working in Information Security at a UK Financial Services organisation.

I certainly don’t have all the answers, or even all the questions – please do contribute and comment. If you think I’m wrong, please say so – you may well be right!

I do of course retain the copyright to all the information on this site, so please ask if you’d like to use it elsewhere - I’d love you to use it, but I’d like to know!