Posts

Showing posts from May, 2021

HSE Hack - What should we do now......personal opinion

What I would do to make the HSE a more resilient organization from a cyber standpoint... This is somewhat of an open letter to my government on how to secure *our* data. I do not cover compliance or certification but more practical "must-have" items.

Awareness & Resilience (and budget)

Folks who write the cheques need to understand the value and importance of cyber security. It's not a "tax" or an "insurance"; it's a process by which we try to help ensure we are somewhat resilient to breach. Breach is 9 times out of 10 more expensive than multiple years of cyber spend. Embrace cyber security! "Hackers don't give a shit" and if you are weak you will be hit. Cyber-resilience and awareness may not prevent breach, but they may limit the extent of the breach and enable us to act in a timely manner before the genie is out of the bottle. Investment in cyber security is paramount due to the potential losses due to fraud and breach recovery.

Compliance
The HSE Data Breach and the State of Irish Cyber Security

Many years ago, shortly after I founded the Irish chapter of OWASP (http://www.owasp.org) (in 2007??), we were delivering free application and software development classes to anyone who wanted them. It was a local, low-key affair, but every class we delivered was "sold out". We had 60-80 folks, mostly developers, willing to spend 4-5 hours on learning the fundamentals of secure application development and testing. I suppose we felt cyber security was an important issue because that's what we did. At the time, many folks in business felt cyber security was an overhead or a "tax" and did not give it much time. A few years later (late 2010), when the foundation of the NCSC (National Cyber Security Centre) was announced, a few of us (local OWASP Ireland leaders) wrote a number of emails to the Irish government offering free cyber security training. As we were working for a non-profit (501.3c) charity (OWA