on requirements in Umeå

To end five hectic days of teaching, I gave an updated version of my "KRAV-märkt" talk on Security Requirements as a lunch seminar at Umeå University together with Omegapoint colleagues.

The audience made a word cloud about Security Req's ("necessary" was the #1 word) and ranked the relative importance of tactics against modern threats (prevention was #1).

The salad was fine and there were plenty of good questions, not least about upcoming regulations in the privacy domain.

My thanks to everyone!


on capabilities in Östersund

I was honoured to give a guest lecture in Östersund at the Mid Sweden University Political Science course Policy-Making During Crises in Society.

Giving a practitioner's view on InfoSec and Continuity Risk, I chose to focus on key capabilities for organisations in dealing with a crisis.

We did a team exercise on creating pandemic plans for a fictitious restaurant, which turned out not to be much of a challenge for these security managers of the future.

A pleasure meeting Evangelia Petridou and her students!


on archiving and agility

I was glad to see last week's Technical Infosec course fully booked.

This time I added a session on backup and archiving. Availability from a preservation perspective is becoming increasingly important as archives are being digitised.

We did a "100 points" Mentimeter exercise, ranking the relative importance of Agile Principles. The question was, which principles will have the most impact (positive or negative) on security work? Not surprisingly, principle #2 "Welcome changing requirements..." ended up on top.