Cyber Security Isn’t Just for the Chief Security Officer

Per John Parkinson, achieving the best possible cyber security starts with the CFO building cross-functional collaboration and cooperation with the business’s cyber strategists. John believes it’s up to the CFO’s office to bridge the gap that often exists between security and the lines of business, to ensure adequate resources are being devoted to the right areas of cyber security, and, especially, to play the role of skeptic in seeking realistic risk assessments as part of allocating resources.

The Cost of Privacy

In this article for CFO magazine, John Parkinson discusses the General Data Protection Regulation, the European Union’s new framework for consumer data privacy, and what its implementation will mean for information-based businesses. Under this framework, EU member states must implement a set of common regulations, though they can still have local additions to the rules.

Would You Have Invoked the Disaster Recovery Plan?

Last month’s high-profile tech failures at United Airlines and the New York Stock Exchange are a stark reminder of the importance of having a well-tested disaster recovery plan in place. In his latest article, John Parkinson discusses the various components of a disaster recovery plan and recommends companies consider what scenarios would trigger its implementation instead of trying for a fix.

How to Respond to a Data Breach

According to the 2015 Verizon Data Breach Investigations Report, there were more than 7 million vulnerability exploits in 2014, yet incident response plans are one of the most neglected aspects of information security. In his latest column, John Parkinson discusses how essential it is for a company to have an incident response plan.

The Biggest Cyber Threat is Inside Your Company

In his latest column, John Parkinson discusses cybersecurity and how the biggest threat can be found inside your company. Multiple approaches have been developed to address this insider threat: Security Information and Event Management (SIEM), User Behavior Analysis (UBA), and Data Loss Prevention (DLP). While no approach can guarantee you’ll never face this problem, constant vigilance is a must.