  • Information security policy – the top three mistakes to avoid

    One of the most common recommendations I hear in the information security industry is ‘the first thing you need to do is create an information security policy’ – a set of principles or actions designed to protect information (a definition based loosely on the dictionary definition). That sounds simple enough, but the devil is in the detail.

  • Defusing the security bomb

    In Part 1, I took a business perspective of the challenges involved in trying to achieve a balanced security approach and the pitfalls of poor alignment between IT and the business. From an IT perspective, the drivers may vary, but similar pitfalls exist.

  • Defusing the Security Bomb – Part 1

    With any IT project, we know that optimal solutions are only possible when they align to the needs of the business. So why is it that this alignment is so difficult for information security?

  • Are standards worth the paper they are printed on? Part 2

    In Part 1 of this blog, I argued that relying solely on Standards as your blueprint for information security will leave you exposed, as they only offer generalised considerations and are often outdated or misleading.

  • Are Standards worth the paper they are printed on? - Part 1

    There are several Information Security Standards in the marketplace that are designed to assist information technology security (ITS) practitioners in protecting their organisation’s information and systems. I argue, and have done for many years, that they actually do quite the opposite. They confuse practitioners and do not work towards the (assumed) goal of improving information security. Here’s why.

  • The Goldilocks result

    We all know security is important, but simply throwing money at your information security (IS) investment is a costly and unreliable method of reducing your exposure to risk.

  • Just Fix It: The Dilemma of an Information Security Professional

    Do any of these lines sound familiar?
    • “I just read about this serious vulnerability. Are we OK?”
    • “How did this happen? You assured me we were secure.”
    • “We already spend $$ on security – why do we need more?”
    • “I don’t understand any of this cybersecurity stuff. Just fix it.”

Mike Thompson

Mike Thompson is the Director of Information Security Products and Services at Linus Information Security Solutions. Mike’s expertise lies in bringing IT and the Business together to improve Information Security outcomes. He has over 25 years of experience across numerous government, commercial and not-for-profit organisations, and is recognised as an ISM expert with the rare ability to articulate complex issues and concepts in plain language and business contexts. Among his many projects he has uncovered computer fraud, ethically hacked a number of organisations, worked as an official adviser to the Victorian Privacy Commissioner and the Victorian Law Reform Commission and designed and developed award-winning software solutions.