FOUNDED 2025 · INDEPENDENT · UK-BASED
/ The InfoSecAI Brief

Practical perspectives on information security, GRC and AI governance.

Considered perspectives, framework analysis and senior practitioner views from Paul Jolliffe, Founder of InfoSecAI. Over twenty years of international leadership experience in information security across the private and public sectors.

ISO/IEC 27001:2022 · ISO/IEC 42001:2023 · NIST CSF 2.0 · NIST AI RMF · EU AI Act · DORA · NIS 2 · UK GDPR · SOC 2 · Cyber Essentials · CIS Controls v8 · DSPT

/ Briefing papers

Four reference papers for senior security and risk leaders.

Concise, evidence-led perspectives across frameworks, fractional CISO delivery, AI governance and operational resilience. Subscribe to receive all four directly to your inbox.

Reference card PDF · 4 pages

The UK Security Leader's Multi-Framework Crosswalk

Thirty control domains mapped across ISO 27001:2022, NIST CSF 2.0, CIS Controls v8.1, DORA, NIS 2, UK GDPR and the EU AI Act / ISO 42001. Plus the evidence artefacts auditors actually ask for.

UPDATED 2026

Playbook PDF · 12 pages

The vCISO 90-Day Plan

The structured first three months of a fractional CISO engagement. Three phases, twelve milestones, the artefacts the board will see, the questions the regulator will ask. Distilled from twenty years of senior security leadership.

UPDATED 2026

Board pack PDF · 16 pages

The AI Governance Board Pack — 7 Decisions Before August 2026

The seven decisions every UK board, audit committee chair and CISO should make before EU AI Act enforcement begins. Includes the AI governance maturity model and the use-case approval decision tree.

UPDATED 2026

Reality check PDF · 10 pages

DORA — The 12-Month Reality Check

What FCA and Central Bank of Ireland regulated firms have learned in the first year of DORA enforcement. Pillar-by-pillar self-check, third-party criticality matrix and the 4-hour incident notification workflow.

UPDATED 2026

/ Latest posts

Perspectives from twenty years of senior security leadership.

Articles begin publishing on 13 May 2026. Subscribe above to receive them as they are published.

Wed 13 May 2026

The Multi-Framework Crosswalk Every UK Security Leader Should Have on Their Wall

One matrix. ISO 27001, NIST CSF, CIS Controls, DORA and NIS 2 — mapped to the evidence artefacts auditors actually ask for.

Coming soon

Wed 20 May 2026

The First 90 Days as a vCISO: What I Actually Do

Not a generic playbook. The structured approach I use in the first three months of a fractional CISO engagement, distilled from 20 years of senior security leadership.

Coming soon

Wed 27 May 2026

Why Most Cyber Transformations Stall, and How to Ship Them

Lessons from a £12m transformation programme. The five reasons large security programmes lose momentum, and the governance moves that get them moving again.

Coming soon

Wed 3 Jun 2026

AI Governance for Boards: Five Questions Every Director Should Ask

Practical board-level questions that separate AI hand-waving from real governance. Aligned to ISO 42001, NIST AI RMF and the EU AI Act.

Coming soon

/ Need support now?

Senior security or AI governance support, available now.

Independent fractional Chief Information Security Officer and virtual Chief Information Security Officer advisory for boards, executives and security leaders. Senior-led, practical, and aligned to your regulatory context.

Typical response: same working day · UK business hours