Blog article
See all stories ยป

An article relating to this blog post on Finextra:

Regulators call for substantial IT investment to combat risk deficiencies

Financial services firms need to make substantial and sustained investments in IT infrastructure if they are to overcome severe underlying weaknesses in their risk management capabilities, according t...

See article

Plan, Do, Manage, Review, Cuthbert, Dibble and Grub

Security and Compliance is an ongoing process. Both in personal and corporate activities, it is worthwhile stepping through the simple four-step process to reduce the risk of compromise.


In the same way as when you buy a new house, you plan (at least in your head) to change the locks and possibly add locks to the windows, extend insurance to cover loss, and repair things that may fall down and hurt people, when starting a new year, examine the risks your company is exposed to, particularly new ones such as mobile security.


Plans are just that. Without actually changing your locks, you are still vulnerable to the set of keys lost by the previous owner. Without your employees changing their password on a monthly basis, hacked passwords still grant access to your systems.


It is all very well telling people to do something, but the manager's responsibility is to check it has been done, or the progress, manage the risks and issues and smooth out authorisations.


Crime is not static, nor is the law. Annual, monthly and even daily reviews of new threats or changes is a must.

Cuthbert, Dibble and Grub

Trumpton, anyone? Mnemonics, particularly rhymes, make things easier to remember. Whether it is "Pugh, Pugh, Barney McGrew, Cuthbert, Dibble and Grub" or "Plan, Do, Manage, Review", make the compliance and security messages for workers (employees, directors and contractors) simple and easy to remember and they are more likely to be followed, at least in the most part.

Plan to have a Fire Brigade for when you need to use it

Comments: (0)

Blog group founder

Member since




More from member

This post is from a series of posts in the group:

Information Security

The risks from Cyber cime - Hacking - Loss of Data Privacy - Identity Theft and other topical threats - can be greatly reduced by implementation of robust IT Security controls ...

See all

Now hiring