Specialist Security & Risk Management Consultants

Prison Service in NI Warned over Data Breach

Prison Service in NI Warned over Data Breach

The prison service in Northern Ireland has been warned by the ICO over another data breach. The ICO press release is available online: http://ico.org.uk/news/latest_news/2014/prison-service-warned-after-maze-records-sold-at-auction-18062014 This incident relates to the Prison Service auctioning off a cabinet containing records from the Maze prison. Interestingly, this breach took place in 2004, when the Northern Ireland Office was responsible, but nothing […]

Truecrypt encryption software still available for download

Truecrypt encryption software still available for download

It seems that Truecrypt is too popular a tool for people to give up on it and version 7.1a is still available for download. A website has sprung up at truecrypt.ch offering downloads of Truecrypt binaries and source code. The download site appears to have been set up by a Swiss national and provides links […]

Truecrypt encryption software ceases production

Without Truecrypt, selecting encryption software is a lot harder.

On 28 May 2014, the developers of the reasonably infamous encryption software Truecrypt apparently announced that the program was over and that the risk of security weaknesses meant people should stop using it. Since this announcement, the Truecrypt website at http://truecrypt.org now redirects to the Sourceforce page (http://truecrypt.sourceforge.net/) which reports that development ended in “5/2014″ following Microsoft […]

Physical security is important for data protection

Physical Security Assessment Form - Free Download

Physical security has always been a cornerstone of any Information Security program. As a topic, it is covered by every major security standard. Most have entire sections dedicated to physical security: ISO27001:2013 has A.11 “Physical and Environmental Controls“ The SoGP has CF3.3 “Sensitive Physical Information” and CF19 “Physical and Environmental Security” PCI-DSS Requirement 9 mandates […]

DPA Registration is important if you want to avoid a fine

DPA - follow the law or risk a fine

Here in the UK, the Data Protection Act (DPA) has been law for 14 years now (the act is dated 1998 and commenced in 2000). Despite this, there are some organisations who are not aware of their obligations to comply, even when it is clear they are handling data which would be protected under the […]

Security logs can save your systems and data

Security logs aren't interesting but they are very important.

It goes without saying that security logs are not the most interesting of topics. They are often viewed as a necessary evil, and in some instances they are even minimised to prevent storage or bandwidth issues. Both of these approaches are wrong. Boring or not, security logs are one of, if not the, the most […]

City of London Police – update

Mounted Officer - City of London Police. Photo by William Warby (http://www.flickr.com/photos/wwarby/)

As part of the cross-sector safety and security communications plan, the City of London police have announced today some significant changes being made to reinforce the ring of steel around the Square Mile. City of London Police: Ring of steel just got tougher New tactics, new tools and new technology will be launched in February […]

Data protection needs good physical security

Data protection needs good physical security

Data protection is frequently in the news as organisations more become aware of just how important it is to their business. Unfortunately all too often data protection measures focus on the technical aspects, overlooking the basic need for good physical security controls. Technical controls, such as encryption & access management are important for data protection […]

127.0.0.1 redirect causing wordpress connectivity problems.

Wordpress Redirecting to 127.0.0.1 on login

There seems to be a problem with either WordPress or one of its plugins that is redirecting the login script to a non-existent listener on local host (127.0.0.1). At the moment we have implemented a work-around, but any contributors may have difficulty logging in. A quick google search shows that this is happening to other […]

December DPA Breach Fines

Payday loan companies need to be aware of the DPA and PECR.

The run up to Christmas 2013 has shown that the Information Commissioners Office is still busy fining organisations and individuals for breaches of the Data Protection Act (DPA). In December two new civil monetary penalties were issued with a total of over £175,000. Both cases highlighted the value of being proactive and implementing good security […]

Business continuity – 5 things to consider this winter

Snow can disrupt your business.

In the northern hemisphere at least, winter is now upon us and this is time for all business owners to think about how well their business can cope if the weather turns bad. In the UK, we have had a succession of very bad winters and all size of organisations have suffered. In 2009, the […]

ISO27001 compliance checklist available for download

ISO27001 Checklist tool - screenshot

As mentioned previously, we have now uploaded our ISO 27001 (also known as ISO/IEC 27001:2013) compliance checklist and it is available for free download. Please feel free to grab a copy and share it with anyone you think would benefit. Designed to assist you in assessing your compliance, the checklist is not a replacement for […]

Twitter – Possible social engineering attack

Twitter - email headers

This evening I managed to end up getting my personal twitter account hijacked and malicious users were able to send out direct messages before I got at least some element of control back. First off, I want to apologise to anyone who got a strange DM from me, telling them to click on a suspicious […]

ISMS: New version of ISO/IEC 27001 – Time to update?

ISMS: New version of ISO/IEC 27001 – Time to update?

As you may be aware, the ISO/IEC 27001 standard for Information Security Management Systems (ISMS) was updated and the 2013 version became the “official” version at the start of October 2013. The previous version for ISMS requirements was ISO/IEC 27001:2005, and for eight years now, organisations have been working towards, and achieving, certification to that […]

Physical Security – It still matters

Good physical security protects your information.

When it comes to security, there is an unfortunate tendency for organisations (large and small) to fall into the trap of treating their physical security as something separate or different from their information security needs. Despite physical security having a place in every international security standard (such as ISO 27001), ownership of physical risks often […]

Recent Tweets Recent Tweets