UK Government Release their AI Playbook - Key Principles for Responsible AI Use Across the UK's Public Sector

What the playbook covers
The UK Government published their Artificial Intelligence (AI) Playbook on 10 February 2025, setting out 10 Principles for using AI in government organisations. The playbook updates previous UK government publications, providing an expanded guide designed to help public sector organisations harness AI technologies safely, effectively, and responsibly. It is a must-read for risk managers, cyber-security professionals, and compliance experts working with or within the UK public sector. The playbook provides guidance and principles to navigate the unique challenges and opportunities presented by AI. ...

February 12, 2025 · 2 min · Graeme Milroy

The Economist exposes the Dark World of the Online Scam Industry in an 8-part Podcast series

Online financial fraud has evolved into a sophisticated industry, and one of the most alarming new threats is known as pig butchering. This is not a niche cybercrime — it is a global, highly organised yet decentralised, and rapidly growing scam that preys on victims through social engineering and deception, and takes place entirely online. The scam will successfully target and exploit victims, often the elderly or emotionally vulnerable, and friends and family members will be entirely unaware until after the scammer has finished their work. ...

February 8, 2025 · 2 min · Graeme Milroy

A Guide to Clear Thinking - Spotting Logical Fallacies

Logical fallacies are errors in reasoning that undermine the validity of an argument. Recognising logical fallacies is essential for developing critical thinking, empowering you to objectively evaluate arguments and avoid being misled. A July 2024 article in the BBC’s Future series sets out 7 logical fallacies you can train yourself to spot whenever you hear an argument being made. When people are trying to persuade you, they sometimes reach for underhand tricks like the ‘appeal to ignorance’ or ‘whataboutism’ to seem more convincing. BBC Future ...

January 11, 2025 · 2 min

Mastering the Pre-Wire - The Secret to Productive Meetings

Effective communication and preparation are key to successful meetings and decision-making processes. One powerful technique that can significantly enhance the outcome of your meetings is the "pre-wire." This concept, which involves holding preliminary discussions before the main meeting, ensures that all participants are on the same page and any potential concerns are addressed in advance. When I was with APM I learned the phrase “pre-wire.” A pre-wire is simply the meeting before the meeting. As consultants it was important to share the meeting agenda with the customer and be aware of any concerns that they may have. As a manager I still find pre-wires important. For example, we always review the IT Steering Committee agenda with the chairperson a few days in advance of the meeting. The better prepared I am for the pre-wire the better the Steering Committee meeting will go. ...

January 2, 2025 · 1 min · Graeme Milroy

What a Second Trump Presidency Means for US Cybersecurity policy

With less than a month until the new American administration, Wired predicts what will change in US cybersecurity policy - and regulations. […] “more regulation will be dismantled than introduced.” Biden’s presidency was “riddled with new cyber regulation” that sometimes confused and overburdened industry, he adds. “The new White House will be looking to reduce regulatory burdens while streamlining smart compliance.”

December 8, 2024 · 1 min · Graeme Milroy

Cybersecurity’s AI Illusion - Why Human Expertise Still Matters

CISOs should be thinking now about changing the assumption that the ‘Great Machine’ of artificial intelligence is so transformational it can replace, rather than augment, human activity. There’s a philosophical concept called the Great Man Theory that suggests history is all about how significant individuals act as centers of gravity for society as a whole — think Alexander the Great, Napoleon Bonaparte, Queen Elizabeth I, or the founding fathers of the American Revolution. ...

December 8, 2024 · 1 min · Graeme Milroy

Best British Companies for Career Progression and Pay

Thinking of your next career move? The Economist and the Burning Glass Institute have come up with a list of the best British companies to work for to get ahead in your career - categorised between access, promotion, retention and pay - in a good example of open source data analytics, using “publicly available data on 151 of the country’s biggest and most recognisable employers.”

December 8, 2024 · 1 min · Graeme Milroy

Reliance that data centres have on fossil fuels may delay the transition to clean energy

More AI means more fossil fuel.

Gartner Predicts Power Shortages Will Restrict 40% of AI Data Centers By 2027 - Gartner
Gartner predict that data centres will experience power shortages in the next few years, driven mainly by increases in usage of AI.

Data centre emissions are soaring - it’s AI or the climate - The Conversation
Three of the biggest tech companies, Microsoft, Google and Meta, have reported ballooning greenhouse gas emissions since 2020. Data centres packed with servers running AI programs day and night are largely to blame. ...

December 8, 2024 · 1 min · Graeme Milroy

Outdated Risk Management Frameworks Face Growing Criticism - Tech News

Forrester Research challenges the Three Lines of Defence (3LOD) model twenty years on. The research firm writes that the three lines of defence is outdated: built for SoX, 3LOD hasn’t been reconsidered in two decades, and it’s time for a change. The three lines of defense (3LOD) concept was initially developed as a corporate governance framework to implement segregation of duties requirements under the 2002 Sarbanes-Oxley Act. […] But as anyone who has tried to implement it as a foundation for enterprise risk management will tell you, the 3LOD is not a model for managing risk. Instead, it defines, with ample rigidity, the roles required to comply with segregation of duties requirements. This division is conceptually simple but does not match the operating model at most organizations. Forrester ...

December 8, 2024 · 1 min · Graeme Milroy

NIST Cybersecurity Framework 2.0 was released this year - NIST

The US Government’s National Institute of Standards and Technology, known commonly as NIST, released its updated Cybersecurity Framework in February. This was the first new version in 10 years, following the 1.0 version in 2014 that was primarily aimed at protecting US critical infrastructure. The new 2.0 version is international and aimed at broad consumption: drafted in collaboration with experts across 100 countries, it should also be easier to use. Version 2.0 also introduces a new category: Govern, recognising that the world has changed since 2014, with Cyber now an enterprise risk being discussed in the boardroom. ...

December 8, 2024 · 1 min · Graeme Milroy

Tech supplier concentration increases risk of downtime - Control Risks

Control Risks released their predictions for the top business risks for 2025, calling out Digital Concentration Risk as companies outsource their specialist IT services, such as cloud and security, to external providers. “The concentration of risk in centralised technological ecosystems in a worsening threat landscape will be a top risk for organisations in 2025.” Global technology disruptions such as the July 2024 CrowdStrike outages show how human error or system misconfigurations can create a correlated industry-wide impact on customer organisations. And as these companies pass control to external tech vendors, they may be losing the in-house skills needed to respond to future incidents and outages. ...

December 8, 2024 · 1 min · Graeme Milroy

The UK to introduce its own cyber law in 2025 - UK Gov

With the new UK Labour government, changes are expected in legislation and regulations for risk and resilience. The Cyber Security & Resilience Bill will be coming before Parliament in 2025, helping government ‘build a better picture’ of the cyber threat landscape. The Bill will [… expand] the remit of the existing regulation, putting regulators on a stronger footing, and increasing reporting requirements to build a better picture in government of cyber threats. ...

December 8, 2024 · 1 min · Graeme Milroy

The EU’s Digital Resilience Act - known as DORA - comes into effect next month - ESMA

You Have Less Than Two Months to Become DORA Compliant - Security Boulevard
With the EU’s Digital Operational Resilience Act (DORA) coming into effect next month, financial services firms in the EU are updating processes, policies and provisions to comply with the new regulation.

DORA Contractual Compliance: A Race Against Time - International Banker / PwC
As part of TPRM, DORA stipulates that all ICT contracts must contain specific baseline contract terms. There are also more onerous additional requirements for contracts supporting critical or important functions (CIFs). ...

December 8, 2024 · 1 min · Graeme Milroy

The Bank of England publish a report on AI use in UK financial services - Bank of England

The Bank of England and the Financial Conduct Authority have released a report on artificial intelligence, surveying participants in the UK financial services sector (report 2024-11-21 - 29 pages). The report highlights respondents’ views on the benefits and risks of AI, and use cases including “data and analytical insights, anti-money laundering (AML) and combating fraud, and cybersecurity.” From the report: ...

December 8, 2024 · 1 min · Graeme Milroy

NIST AI Risk Management Framework / Deloitte

Article: What you need to know about NIST’s AI Risk Management Framework published in January 2023

February 2, 2023 · 1 min · Deloitte