Risks, controls & incident handling, and why they matter

I hosted a longish lecture & discussion this morning with a small but select mix of MBA students from Providence College School of Business and Edinburgh Napier computing students. They had been working on a project to visualise some security log data to help identify the wheat (data leaks) from the chaff (ordinary traffic).

My challenge: give an overview to explain how the tool they were developing fits into the business context.

I focussed on explaining how risk management and controls are the route to understanding why information security matters to business. I also discussed why incident handling is no longer optional (thank APT, and think about TalkTalk’s experience of its data breaches).

My main point was that a tool that identifies incidents quickly acts as a detect control (part of risk management) and will help management make better decisions, earlier. A useful thing for both MBA and Computing students to know!

Here are the slides:


About Peter Cruickshank

Lecturer in the School of Computing and a member of the Centre for Social Informatics at Edinburgh Napier University, Scotland. Interested in information systems, learning, politics, society, security and where they intersect. My attempts at rounding out my character include food, cinema, running, history and, together with my lovely wife, bringing up a cat and a couple of kids.