https://kie.ie/principle-cards/principle_001.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_001.png Principle 001: Crisis Decision Hierarchy — Executive Governance Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Organisations do not lose systems first. They lose decision authority — then everything else follows. Principle 001/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Executive Governance. https://kie.ie/principle-cards/principle_002.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_002.png Principle 002: Board-Survivable Cyber Architecture™ — Executive Governance Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Boards do not buy cyber technology. They buy the absence of unrecoverable downside. Principle 002/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Executive Governance. https://kie.ie/principle-cards/principle_003.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_003.png Principle 003: Evidence Chain Model™ — Evidence & Regulation Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University If the evidence chain breaks before the regulator opens the file, the control was never a control. Principle 003/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Evidence & Regulation. https://kie.ie/principle-cards/principle_004.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_004.png Principle 004: Decision Rights Architecture™ — Executive Governance Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Authority that cannot be exercised under pressure is decorative. Document it as theatre or redesign it as power. Principle 004/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Executive Governance. https://kie.ie/principle-cards/principle_005.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_005.png Principle 005: Recoverability Mandate™ — Resilience & Recovery Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Recovery is not a phase. It is the discipline that proves whether the programme is real. Principle 005/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Resilience & Recovery. https://kie.ie/principle-cards/principle_006.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_006.png Principle 006: Contract Control Matrix™ — Contracts & Suppliers Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Every clause your counterparty would not sign on incident day must be removed or rewritten today. Principle 006/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Contracts & Suppliers. https://kie.ie/principle-cards/principle_007.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_007.png Principle 007: AI Accountability Stack™ — AI Governance Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Autonomy without accountability is liability dressed as innovation. Govern both with the same instrument. Principle 007/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. AI Governance. https://kie.ie/principle-cards/principle_008.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_008.png Principle 008: Operational Defensibility — Evidence & Regulation Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Time-to-defensible is the only metric your supervisor, board, and insurer will ever agree on. Principle 008/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Evidence & Regulation. https://kie.ie/principle-cards/principle_009.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_009.png Principle 009: Doctrine Durability — Doctrine & Talent Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Control posture survives leadership turnover only when doctrine outlives the doctrine's author. Principle 009/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Doctrine & Talent. https://kie.ie/principle-cards/principle_010.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_010.png Principle 010: Asymmetric Disclosure Doctrine™ — Disclosure & Crisis Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Counterparties forgive incidents. They do not forgive the second disclosure that contradicts the first. Principle 010/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Disclosure & Crisis. https://kie.ie/principle-cards/principle_011.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_011.png Principle 011: Third-Party Liability Inversion™ — Suppliers & Liability Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Your supplier's weakest control becomes your strongest liability when the regulator names you together. Principle 011/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Suppliers & Liability. https://kie.ie/principle-cards/principle_012.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_012.png Principle 012: Cyber Insurance Renegotiation Principle™ — Insurance & Claims Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University The pre-incident premium is tuition. The renewal is the exam your control posture sits in writing. Principle 012/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Insurance & Claims. https://kie.ie/principle-cards/principle_013.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_013.png Principle 013: Identity-as-Perimeter Doctrine™ — Identity & Access Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University There is no boundary left to harden. Identity is the control plane and every assertion is an audit contract. Principle 013/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Identity & Access. https://kie.ie/principle-cards/principle_014.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_014.png Principle 014: Crypto-Agility Mandate™ — Quantum & Crypto Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Quantum-resilient cryptography is not research. It is next decade's audit finding written today. Principle 014/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Quantum & Crypto. https://kie.ie/principle-cards/principle_015.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_015.png Principle 015: Operational Resilience Threshold™ — Resilience & Continuity Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University The hour you cannot operate degraded is the hour your continuity plan becomes evidence against you. Principle 015/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Resilience & Continuity. https://kie.ie/principle-cards/principle_016.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_016.png Principle 016: Model Risk Governance Doctrine™ — AI Governance Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Every AI decision touching a customer leaves a paper trail. Write it before the regulator does. Principle 016/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. AI Governance. https://kie.ie/principle-cards/principle_017.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_017.png Principle 017: Sovereign Risk Geometry™ — Data Sovereignty Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Data residency is not policy. It is the geometry of who can compel disclosure and from where. Principle 017/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Data Sovereignty. https://kie.ie/principle-cards/principle_018.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_018.png Principle 018: Zero Trust Engineering Admission™ — Zero Trust Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Zero Trust is not a product line. It is the admission that inherited trust was already wrong. Principle 018/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Zero Trust. https://kie.ie/principle-cards/principle_019.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_019.png Principle 019: First Call Hierarchy™ — Crisis Command Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University The first call after breach is not legal. It is the executive who owns the consequence. Principle 019/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Crisis Command. https://kie.ie/principle-cards/principle_020.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_020.png Principle 020: Vendor Concentration Trap™ — Supplier Concentration Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University A single-provider stack is efficiency until the regulator calls it concentration risk. Principle 020/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Supplier Concentration. https://kie.ie/principle-cards/principle_021.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_021.png Principle 021: Insider Threat Realism™ — Insider Risk Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University The insider does not merely appear in the threat model. The insider often builds it. Govern accordingly. Principle 021/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Insider Risk. https://kie.ie/principle-cards/principle_022.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_022.png Principle 022: SBOM Provenance Mandate™ — Software Supply Chain Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Code you cannot enumerate is risk you cannot disclose. The SBOM is the receipt for every signature. Principle 022/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Software Supply Chain. https://kie.ie/principle-cards/principle_023.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_023.png Principle 023: Run-Time Truth Doctrine™ — Runtime Assurance Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Build-time guarantees expire when the workload starts. Runtime evidence is what regulators accept. Principle 023/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Runtime Assurance. https://kie.ie/principle-cards/principle_024.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_024.png Principle 024: Defaults-Become-Decisions Doctrine™ — Configuration Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Every configuration you did not change is a decision you signed without reading. Principle 024/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Configuration. https://kie.ie/principle-cards/principle_025.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_025.png Principle 025: Critical Skill Concentration Risk™ — Talent Concentration Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University When the one engineer who understands the control leaves, the control leaves with them. Principle 025/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Talent Concentration. https://kie.ie/principle-cards/principle_026.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_026.png Principle 026: Programme Discipline — Programme Discipline Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University A programme that cannot state its next decision in one sentence is not a programme. It is a process. Principle 026/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Programme Discipline. https://kie.ie/principle-cards/principle_027.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_027.png Principle 027: Operating Tempo Doctrine — Operating Model Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Tempo is the only governance metric that compounds. Improve it and every other metric follows. Principle 027/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Operating Model. https://kie.ie/principle-cards/principle_028.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_028.png Principle 028: Single-Threaded Authority — Authority Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Distributed authority is theatre. Real authority is single-threaded, accountable, and revocable. Principle 028/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Authority. https://kie.ie/principle-cards/principle_029.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_029.png Principle 029: Threat Intelligence Hierarchy — Threat Intelligence Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Intelligence that does not change a decision is content. Intelligence that does is doctrine. Principle 029/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Threat Intelligence. https://kie.ie/principle-cards/principle_030.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_030.png Principle 030: Crown-Jewel Inversion Principle — Crown Jewels Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Crown jewels are not where value sits. They are where consequence collapses if compromised. Principle 030/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Crown Jewels. https://kie.ie/principle-cards/principle_031.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_031.png Principle 031: Detection Engineering Mandate — Detection Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Every detection that triggers without an owned response is a notification, not a control. Principle 031/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Detection. https://kie.ie/principle-cards/principle_032.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_032.png Principle 032: Forensic Readiness Discipline — Forensics Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University If your incident investigation begins after the incident, you have already lost it. Principle 032/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Forensics. https://kie.ie/principle-cards/principle_033.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_033.png Principle 033: Encryption Decree — Encryption Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Encryption without key custody is decorative. Custody without rotation is fossilised. Principle 033/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Encryption. https://kie.ie/principle-cards/principle_034.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_034.png Principle 034: Public-Cloud Sovereignty Test — Cloud Sovereignty Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Sovereignty in cloud is measured in keys you hold and clauses you signed — nothing else. Principle 034/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Cloud Sovereignty. https://kie.ie/principle-cards/principle_035.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_035.png Principle 035: Configuration Drift Doctrine — Configuration Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Configuration drift is the slowest, costliest breach. It has no perimeter and no headline. Principle 035/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Configuration. https://kie.ie/principle-cards/principle_036.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_036.png Principle 036: Patch Cadence Realism — Vulnerability Management Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Patch cadence is published as policy and audited as legend. Reconcile or remove. Principle 036/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Vulnerability Management. https://kie.ie/principle-cards/principle_037.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_037.png Principle 037: Vulnerability Triage Hierarchy — Vulnerability Management Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Severity ratings sort vulnerabilities. Exploitability decides which ones move you out of bed. Principle 037/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Vulnerability Management. https://kie.ie/principle-cards/principle_038.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_038.png Principle 038: Logging Sufficiency Test — Logging Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Logs that cannot reconstruct the timeline within minutes are storage costs, not security. Principle 038/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Logging. https://kie.ie/principle-cards/principle_039.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_039.png Principle 039: Identity Lifecycle Discipline — Identity Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Joiners, movers, leavers: the boring loop that decides whether identity is governance or theatre. Principle 039/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Identity. https://kie.ie/principle-cards/principle_040.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_040.png Principle 040: Privileged Access Minimum — Privileged Access Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Standing privileged access is liability dressed as convenience. Default it to ephemeral. Principle 040/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Privileged Access. https://kie.ie/principle-cards/principle_041.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_041.png Principle 041: Shadow IT Recognition — Shadow IT Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Shadow IT is not policy failure. It is a measurement of how easily the organisation can be told no. Principle 041/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Shadow IT. https://kie.ie/principle-cards/principle_042.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_042.png Principle 042: Vendor Onboarding Mandate — Supplier Onboarding Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University A vendor onboarded without evidence becomes a vendor offboarded under provable loss. Principle 042/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Supplier Onboarding. https://kie.ie/principle-cards/principle_043.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_043.png Principle 043: Contractual Asymmetry Principle — Contracts Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Every clause not actively negotiated is a clause negotiated for someone else. Principle 043/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Contracts. https://kie.ie/principle-cards/principle_044.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_044.png Principle 044: Procurement Cyber Gate — Procurement Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Procurement that skips cyber pre-qualification is procurement that bypasses governance. Principle 044/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Procurement. https://kie.ie/principle-cards/principle_045.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_045.png Principle 045: Insurance Underwriting Realism — Insurance Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Cyber underwriters price what they can see. Make sure it survives forensic review. Principle 045/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Insurance. https://kie.ie/principle-cards/principle_046.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_046.png Principle 046: Claim-Defensibility Doctrine — Claims Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University A control that cannot defend a claim is a control that will become an exclusion. Principle 046/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Claims. https://kie.ie/principle-cards/principle_047.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_047.png Principle 047: Quantification Sobriety — Risk Quantification Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Quantification is useful only when it changes a decision. Otherwise, it is performance. Principle 047/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Risk Quantification. https://kie.ie/principle-cards/principle_048.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_048.png Principle 048: Risk Appetite Coherence — Risk Appetite Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Risk appetite means nothing until exceeded. Put the tripwires in before the breach. Principle 048/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Risk Appetite. https://kie.ie/principle-cards/principle_049.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_049.png Principle 049: Risk-Register Realism — Risk Register Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University A risk register without owners, dates, and money is a literature review. Principle 049/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Risk Register. https://kie.ie/principle-cards/principle_050.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_050.png Principle 050: Audit Findings Discipline — Audit Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University An audit finding without a board-approved remediation date is a finding the board does not own. Principle 050/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Audit. https://kie.ie/principle-cards/principle_051.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_051.png Principle 051: Continuous Assurance Mandate — Assurance Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Annual attestation is a snapshot. Continuous assurance is a contract. Principle 051/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Assurance. https://kie.ie/principle-cards/principle_052.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_052.png Principle 052: Three-Lines Operational Truth — Governance Lines Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Three lines of defence collapse to one when only the first knows what is happening. Principle 052/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Governance Lines. https://kie.ie/principle-cards/principle_053.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_053.png Principle 053: Internal-Audit Independence Test — Internal Audit Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Audit independence is measured by what the auditor may write to the board. Principle 053/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Internal Audit. https://kie.ie/principle-cards/principle_054.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_054.png Principle 054: Whistleblower Doctrine — Ethics Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University If anomaly-to-accountability runs through command, it is not a route. It is a filter. Principle 054/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Ethics. https://kie.ie/principle-cards/principle_055.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_055.png Principle 055: Crisis Communications Mandate — Crisis Comms Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Crisis communications drafted during crisis confess that there was no plan. Principle 055/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Crisis Comms. https://kie.ie/principle-cards/principle_056.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_056.png Principle 056: Forensic Custody Chain — Forensics Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Chain of custody preserved badly is chain of custody not preserved at all. Principle 056/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Forensics. https://kie.ie/principle-cards/principle_057.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_057.png Principle 057: Tabletop Exercise Realism — Exercises Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Tabletop exercises that do not end in a board decision are calendar entries. Principle 057/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Exercises. https://kie.ie/principle-cards/principle_058.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_058.png Principle 058: Restoration-Tested Backups — Backups Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Backups that have not been restored are not backups. They are encrypted hope. Principle 058/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Backups. https://kie.ie/principle-cards/principle_059.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_059.png Principle 059: Recovery-Time Honesty — Recovery Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Recovery-time objectives unverified by drills are aspirations the board should reject. Principle 059/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Recovery. https://kie.ie/principle-cards/principle_060.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_060.png Principle 060: Operational-Resilience Inversion — Resilience Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Resilience is not what technology does. It is what the institution does when technology does not. Principle 060/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Resilience. https://kie.ie/principle-cards/principle_061.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_061.png Principle 061: Severance & Liability Doctrine — Liability Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Liability that cannot be transferred, insured, or absorbed must be reduced. There is no fourth option. Principle 061/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Liability. https://kie.ie/principle-cards/principle_062.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_062.png Principle 062: Data Sovereignty Discipline — Data Sovereignty Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Data sovereignty is decided at the contract, not at the data centre. Principle 062/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Data Sovereignty. https://kie.ie/principle-cards/principle_063.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_063.png Principle 063: Cross-Border Transfer Mandate — Cross-Border Data Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Every cross-border transfer is a contract. Absence of one is a breach in waiting. Principle 063/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Cross-Border Data. https://kie.ie/principle-cards/principle_064.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_064.png Principle 064: Privacy-by-Design Realism — Privacy Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Privacy retrofitted is privacy lost. Build it in or rebuild around it. Principle 064/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Privacy. https://kie.ie/principle-cards/principle_065.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_065.png Principle 065: Subject-Rights Operating Model — Data Rights Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Subject-rights requests test the operating model. If you fail at scale, fix the model. Principle 065/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Data Rights. https://kie.ie/principle-cards/principle_066.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_066.png Principle 066: Data Minimisation Mandate — Data Minimisation Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Every field you do not collect is a breach you do not suffer. Discipline shows in what is absent. Principle 066/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Data Minimisation. https://kie.ie/principle-cards/principle_067.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_067.png Principle 067: Retention Mandate — Retention Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Data kept past purpose becomes evidence in someone else's case. Retention is governance, not storage. Principle 067/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Retention. https://kie.ie/principle-cards/principle_068.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_068.png Principle 068: Cyber-Physical Engineering Mandate — OT / ICS Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University OT cyber is engineering, not IT. Apply IT thinking and the plant teaches you the difference. Principle 068/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. OT / ICS. https://kie.ie/principle-cards/principle_069.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_069.png Principle 069: Safety-Cyber Convergence — Safety Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Safety integrity and cyber integrity now share a budget, regulator, and failure mode. Principle 069/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Safety. https://kie.ie/principle-cards/principle_070.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_070.png Principle 070: ICS Patch Doctrine — ICS Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University ICS patching is a maintenance window, a safety case, and a vendor negotiation — in that order. Principle 070/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. ICS. https://kie.ie/principle-cards/principle_071.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_071.png Principle 071: Critical-Infrastructure Inversion — Critical Infrastructure Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Critical infrastructure is critical until incident. After incident it is public consequence. Principle 071/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Critical Infrastructure. https://kie.ie/principle-cards/principle_072.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_072.png Principle 072: National-Resilience Mandate — Essential Services Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Operators of essential services answer to two regimes: the supervisor's and the public's. Principle 072/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Essential Services. https://kie.ie/principle-cards/principle_073.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_073.png Principle 073: Geopolitical Cyber Realism — Geopolitics Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Your threat model is your geography. Update it as the map changes. Principle 073/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Geopolitics. https://kie.ie/principle-cards/principle_074.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_074.png Principle 074: Sanctions Compliance Mandate — Sanctions Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Sanctions compliance is a cyber control. Treat it as one and your blast radius shrinks. Principle 074/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Sanctions. https://kie.ie/principle-cards/principle_075.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_075.png Principle 075: State-Aligned Threat Doctrine — State Threats Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University State-aligned threats are now baseline threats. Architecting around them is architecting for everyone. Principle 075/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. State Threats. https://kie.ie/principle-cards/principle_076.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_076.png Principle 076: Quantum-Risk Time Horizon — Quantum Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Quantum risk is a 2026 problem because 2030 data is being copied today. Principle 076/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Quantum. https://kie.ie/principle-cards/principle_077.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_077.png Principle 077: Post-Quantum Migration Mandate — Post-Quantum Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Crypto migration is a multi-year programme. Start it the day you classify the data. Principle 077/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Post-Quantum. https://kie.ie/principle-cards/principle_078.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_078.png Principle 078: Cipher Inventory Discipline — Crypto Inventory Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University If you cannot list every cipher in your estate, you cannot migrate any of them. Principle 078/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Crypto Inventory. https://kie.ie/principle-cards/principle_079.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_079.png Principle 079: Hardware Trust Doctrine — Hardware Trust Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Hardware roots of trust are policy, supply chain, and physics. Lose one and you lose the root. Principle 079/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Hardware Trust. https://kie.ie/principle-cards/principle_080.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_080.png Principle 080: Firmware Governance Mandate — Firmware Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Firmware is the controlled substance of cyber. Track it like one or expect the breach equivalent. Principle 080/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Firmware. https://kie.ie/principle-cards/principle_081.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_081.png Principle 081: SBOM Mandate — SBOM Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University If your supplier cannot produce an SBOM, you cannot produce a defence. Principle 081/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. SBOM. https://kie.ie/principle-cards/principle_082.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_082.png Principle 082: Open-Source Stewardship — Open Source Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Open source is a dependency, not a gift. Govern it as a supplier with no SLA. Principle 082/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Open Source. https://kie.ie/principle-cards/principle_083.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_083.png Principle 083: AI Provenance Mandate — AI Provenance Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Every AI decision must be traceable to data, weights, and authority. Lose one and accountability collapses. Principle 083/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. AI Provenance. https://kie.ie/principle-cards/principle_084.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_084.png Principle 084: Model Drift Discipline — Model Drift Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Models drift. Decisions drift with them. Govern drift or stop calling it governance. Principle 084/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Model Drift. https://kie.ie/principle-cards/principle_085.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_085.png Principle 085: Training-Data Custody — Training Data Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Training data is a regulated asset. Treat it as one or watch it become evidence. Principle 085/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Training Data. https://kie.ie/principle-cards/principle_086.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_086.png Principle 086: Prompt-Injection Realism — Prompt Injection Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Prompt injection is the new SQL injection. The lesson is unchanged: trust no input. Principle 086/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Prompt Injection. https://kie.ie/principle-cards/principle_087.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_087.png Principle 087: Agentic-Autonomy Test — Agentic AI Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Every autonomous action your system can take must have a named human accountable for its outcome. Principle 087/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Agentic AI. https://kie.ie/principle-cards/principle_088.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_088.png Principle 088: AI-Assisted Decision Provenance — AI Decisions Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University If you cannot explain why the AI agreed, you cannot defend why you did. Principle 088/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. AI Decisions. https://kie.ie/principle-cards/principle_089.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_089.png Principle 089: Bias-Audit Mandate — Bias Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Bias audited annually is bias governed. Bias audited at incident is bias litigated. Principle 089/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Bias. https://kie.ie/principle-cards/principle_090.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_090.png Principle 090: Disinformation Operational Test — Disinformation Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Operational disinformation is now cyber risk. Reputation is an attack surface. Principle 090/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Disinformation. https://kie.ie/principle-cards/principle_091.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_091.png Principle 091: Insider Threat Realism Update — Insider Risk Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Insider threat is no longer the disgruntled employee. It is the privileged identity used by anyone. Principle 091/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Insider Risk. https://kie.ie/principle-cards/principle_092.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_092.png Principle 092: Talent Concentration Inversion — Talent Risk Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Talent that cannot be cross-trained becomes risk. Talent that cannot be retained becomes liability. Principle 092/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Talent Risk. https://kie.ie/principle-cards/principle_093.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_093.png Principle 093: Hiring-Pipeline Discipline — Hiring Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University A hiring pipeline is governance infrastructure. Underfund it and audit findings repeat. Principle 093/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Hiring. https://kie.ie/principle-cards/principle_094.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_094.png Principle 094: Skills-Currency Mandate — Skills Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Skills lapse faster than certifications. Audit currency, not credentials. Principle 094/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Skills. https://kie.ie/principle-cards/principle_095.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_095.png Principle 095: Doctrine-Author Continuity — Doctrine Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Doctrine that depends on its author ends with its author. Codify or expect collapse. Principle 095/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Doctrine. https://kie.ie/principle-cards/principle_096.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_096.png Principle 096: Knowledge-Capture Discipline — Knowledge Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Tribal knowledge is a fault line. Convert it to doctrine before the senior leaver takes production with them. Principle 096/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Knowledge. https://kie.ie/principle-cards/principle_097.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_097.png Principle 097: Board-Reporting Honesty — Board Reporting Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Board reports that omit what went wrong are confidence trades. Eventually one fails. Principle 097/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Board Reporting. https://kie.ie/principle-cards/principle_098.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_098.png Principle 098: Materiality Calibration — Materiality Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Materiality is decided by the board before the incident — or by the regulator after. Principle 098/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Materiality. https://kie.ie/principle-cards/principle_099.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_099.png Principle 099: Disclosure-Timing Discipline — Disclosure Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University Disclosure timing is a board-level decision. Push it down and it will land on the news cycle. Principle 099/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Disclosure. https://kie.ie/principle-cards/principle_100.html 2026-05-19 monthly 0.8 https://kie.ie/principle-cards/principle_100.png Principle 100: Doctrine Closing Principle — Institutional Architecture Doctrine Card by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University A doctrine that survives twenty years and three regulators is no longer doctrine. It is institutional architecture. Principle 100/100 from 100 Cyber Doctrine Principles by Professor Kieran Upadrasta, CISSP CISM CRISC, Schiphol University. Institutional Architecture.