The aim of this site is to discuss and explain information risk, security and audit issues from a business perspective, and – through pursing my own understanding – to help others to understand as well.
It’s not a technical blog – so many sites out there do that brilliantly. My aim is to apply knowledge to events in order to facilitate understanding, rather sharing knowledge in itself.
This site aims to:
- be part of the conversation for other information risk professionals
- be of value to those working in related roles, such as operational and finance auditors who need to understand how to manage and mitigate information risk
- by focussing on business rather than technology, help senior decision makers understand and evaluate the issues they face.
I’m a former IT auditor now working in Information Security at a UK Financial Services organisation.
I certainly don’t have all the answers, or even all the questions – please do contribute and comment. If you think I’m wrong, please say so – you may well be right!
I do of course retain the copyright to all the information on this site, so please ask if you’d like to use it elsewhere - I’d love you to use it, but I’d like to know!