An area often underestimated (or forgotten) when deploying duty of care (or any enterprise) technical solution, is how to engage with all stakeholders to make sure they understand what is in place, along with why, how and when it should be used. This is where security teams, working closely with other areas of the business (such as HR, Leadership, IT, Marketing etc.) to educate and onboard is key. It is also, a never ending requirement as people leave and join the organisation. So your solutions should have reports/analytics to hand, to understand overall status more clearly.

I wish everyone a happy, safe and secure Christmas and New Year. Looking forward to a busy and engaging 2024 ...

Recently I have had many conversations and heard many points of view on how risk management and overly holistic risk intelligence often are and how technology is built to assume one size fits all. This raises a challenge that most or all response teams face that incidents are often a mix of subjective, localised or holistic events of all different sizes and impact with no one-size-fits-all response process. Although holistic risks are generally well understood and defined, let's look at a summary of what subjective risk could be defined as.