Specialist Security & Risk Management Consultants

Physical security is important for data protection

Physical Security Assessment Form - Free Download

Physical security has always been a cornerstone of any Information Security program. As a topic, it is covered by every major security standard. Most have entire sections dedicated to physical security: ISO27001:2013 has A.11 “Physical and Environmental Controls”; the SoGP has CF3.3 “Sensitive Physical Information” and CF19 “Physical and Environmental Security”; PCI-DSS Requirement 9 mandates […]

DPA Registration is important if you want to avoid a fine

DPA - follow the law or risk a fine

Here in the UK, the Data Protection Act (DPA) has been law for 14 years now (the act is dated 1998 and commenced in 2000). Despite this, there are some organisations who are not aware of their obligations to comply, even when it is clear they are handling data which would be protected under the […]

Security logs can save your systems and data

Security logs aren't interesting but they are very important.

It goes without saying that security logs are not the most interesting of topics. They are often viewed as a necessary evil, and in some instances they are even minimised to prevent storage or bandwidth issues. Both of these approaches are wrong. Boring or not, security logs are one of, if not the, most […]

City of London Police – update

Mounted Officer - City of London Police. Photo by William Warby (http://www.flickr.com/photos/wwarby/)

As part of the cross-sector safety and security communications plan, the City of London police have announced today some significant changes being made to reinforce the ring of steel around the Square Mile. City of London Police: “Ring of steel just got tougher”. New tactics, new tools and new technology will be launched in February […]

Data protection needs good physical security


Data protection is frequently in the news as organisations become more aware of just how important it is to their business. Unfortunately, all too often data protection measures focus on the technical aspects, overlooking the basic need for good physical security controls. Technical controls, such as encryption & access management, are important for data protection […]

Redirect causing WordPress connectivity problems.

Wordpress Redirecting to on login

There seems to be a problem with either WordPress or one of its plugins that is redirecting the login script to a non-existent listener on local host ( At the moment we have implemented a work-around, but any contributors may have difficulty logging in. A quick Google search shows that this is happening to other […]

December DPA Breach Fines

Payday loan companies need to be aware of the DPA and PECR.

The run-up to Christmas 2013 has shown that the Information Commissioner's Office is still busy fining organisations and individuals for breaches of the Data Protection Act (DPA). In December two new civil monetary penalties were issued with a total of over £175,000. Both cases highlighted the value of being proactive and implementing good security […]

Business continuity – 5 things to consider this winter

Snow can disrupt your business.

In the northern hemisphere at least, winter is now upon us and this is the time for all business owners to think about how well their business can cope if the weather turns bad. In the UK, we have had a succession of very bad winters and organisations of all sizes have suffered. In 2009, the […]

ISO27001 compliance checklist available for download

ISO27001 Checklist tool - screenshot

As mentioned previously, we have now uploaded our ISO 27001 (also known as ISO/IEC 27001:2013) compliance checklist and it is available for free download. Please feel free to grab a copy and share it with anyone you think would benefit. Designed to assist you in assessing your compliance, the checklist is not a replacement for […]

Twitter – Possible social engineering attack

Twitter - email headers

This evening I managed to end up getting my personal Twitter account hijacked, and malicious users were able to send out direct messages before I got at least some element of control back. First off, I want to apologise to anyone who got a strange DM from me, telling them to click on a suspicious […]

ISMS: New version of ISO/IEC 27001 – Time to update?


As you may be aware, the ISO/IEC 27001 standard for Information Security Management Systems (ISMS) was updated and the 2013 version became the “official” version at the start of October 2013. The previous version for ISMS requirements was ISO/IEC 27001:2005, and for eight years now, organisations have been working towards, and achieving, certification to that […]

Physical Security – It still matters

Good physical security protects your information.

When it comes to security, there is an unfortunate tendency for organisations (large and small) to fall into the trap of treating their physical security as something separate or different from their information security needs. Despite physical security having a place in every international security standard (such as ISO 27001), ownership of physical risks often […]

Encryption – it is your responsibility

Hosted data should always be encrypted

Encryption is important. This has always been well known, and with the recent revelations about PRISM and related Government monitoring of communications, people have become understandably more interested in the topic. However, keep in mind the fact that doing encryption wrong is worse than not doing it. In recent years it has become more and […]

Suspicious mail advice – Advice from NaCTSO


This communication regarding suspicious mail has been issued by the National Counter Terrorism Security Office (NaCTSO) and the Centre for Protection of the National Infrastructure (CPNI). Please feel free to forward it on wherever appropriate. If you would like more advice about your specific situation, what risks you might face from suspicious mail (or other […]

Sensitive data should not go by fax!

Fax Machines - out of date and insecure

You may want to check your calendars again. Even though we are now well into the 21st century, it seems that some organisations are still sending sensitive data by fax machine – and not just the NHS (who were fined £55,000 for the inevitable breach). It seems banks, who really should know better, can't help […]
