Halkyn Security Blog
Specialist Security & Risk Management Consultants

Posts in category Security Risk Management

Dashboards vs Security – are they really helping?

Example Security Dashboards

Metrics, Dashboards and Security. Like them or not, metrics are a fundamental part of every organisation, and security doesn’t get a free pass. It is a rare CISO who doesn’t demand dashboards showing how all the security controls are performing. Therefore, for most organisations, this is a fight long lost. This may not always be a […]


Security Incident Response Really Does Matter

Hacked? Time for incident response...

Incident response is one of those things you really hope you’ll never have to use, but know you will. Or at least you should know! Even with the best security, there will come a day when you are up to your eyes in chaos. Either a live security incident or, worse still, picking up the pieces […]


Security breaches – do you know what to do next?

Anonymous - often linked to security breaches

One sad fact about security is that no matter what controls you put in place, you will suffer breaches, and if you are on the internet it is likely to happen sooner rather than later. People sometimes hold to a “physical world” security model which has a clearly defined threat actor (e.g. a burglar) casing […]


Staysure security breach leads to ICO Fine

Staysure insurance fined for failing to have any security policies.

The Information Commissioner’s Office announced on 24 Feb 2015 that it had levied a monetary penalty of £175,000 against the holiday insurance company Staysure. The fine came about as a result of Staysure suffering a security breach on their website which exposed more than 100,000 customer records and led to more than 5,000 customers having their credit […]


Employee Security – High risk terminations

Employee security: Layoffs are high risk situations.

Employee security really does matter. Your employees are the lifeblood of every organisation. You put a lot of effort into hiring new staff, you train them, you nurture them and in return you get a massive amount of value. However, like it or not, there will come a point in time when even your best […]


Physical security is important for data protection

Physical Security Assessment Form - Free Download

Physical security has always been a cornerstone of any Information Security program. As a topic, it is covered by every major security standard, and most have entire sections dedicated to physical security:

ISO/IEC 27001:2013 has A.11 “Physical and Environmental Security”
The SoGP has CF3.3 “Sensitive Physical Information” and CF19 “Physical and Environmental Security”
PCI-DSS Requirement 9 mandates […]


Business continuity – 5 things to consider this winter

Snow can disrupt your business.

In the northern hemisphere at least, winter is now upon us, and this is the time for all business owners to think about how well their business can cope if the weather turns bad. In the UK we have had a succession of very bad winters, and organisations of all sizes have suffered. In 2009, the […]


ISMS: New version of ISO/IEC 27001 – Time to update?


As you may be aware, the ISO/IEC 27001 standard for Information Security Management Systems (ISMS) was updated and the 2013 version became the “official” version at the start of October 2013. The previous version for ISMS requirements was ISO/IEC 27001:2005, and for eight years now, organisations have been working towards, and achieving, certification to that […]


Encryption – it is your responsibility


Encryption is important. This has always been well known, and with the recent revelations about PRISM and related Government monitoring of communications, people have become understandably more interested in the topic. However, keep in mind the fact that doing encryption wrong is worse than not doing it. In recent years it has become more and […]


Suspicious mail advice – Advice from NaCTSO


This communication regarding suspicious mail has been issued by the National Counter Terrorism Security Office (NaCTSO) and the Centre for the Protection of National Infrastructure (CPNI). Please feel free to forward it on wherever appropriate. If you would like more advice about your specific situation, what risks you might face from suspicious mail (or other […]


Sensitive data should not go by fax!

Fax Machines - out of date and insecure

You may want to check your calendars again. Even though we are now well into the 21st century, it seems that some organisations are still sending sensitive data by fax machine – and not just the NHS (who were fined £55,000 for the inevitable breach). It seems banks, who really should know better, can’t help […]


NHS Trust fined £200,000 following data disposal errors

NHS & Healthcare Security - Sensitive data needs proper protection.

Although it has a well-structured, well-run and reasonably well-resourced security management service, the NHS still seems to struggle with some aspects of compliance with the Data Protection Act. As a result, another NHS trust has fallen foul of the Information Commissioner’s Office (ICO) and been fined a significant amount of money. Based on […]


Governance failure costs £45,000

Telesales can be effective at promoting your business but you need good governance in place to make it work for you.

A breakdown of internal governance processes has led to the Information Commissioner’s Office (ICO) issuing a civil monetary penalty (fine) against Tameside Energy Services Ltd, a Manchester-based company claiming to offer a range of energy improvements and making heavy use of cold-call sales tactics. Showing a growing tendency to fine private companies, the ICO reported […]


Unexpected Weather? Check your business continuity plan!

Time spent planning is never wasted.

By now, it should be no surprise to anyone that the UK is in the grip of some very bad weather that was largely unexpected. News reports today have talked about this being the “worst” March weather for over 30 years with many road and rail links closed due to snowfall. Additionally, large numbers of […]


Pre-employment Security Screening – Reducing the workforce risk

Pre-employment screening

It can be hard for a business to bring in new workers. The trusted insider poses a unique threat to any organisation – not only can the insider do you considerable harm but, for your business to function, you have to be able to trust your employees and let them get on with their job. […]

