Halkyn Security Blog
Specialist Security & Risk Management Consultants

Posts tagged Government

HMG Security Policy Framework – Version 8

HMG Security Policy Framework – Version 8

You are probably aware that the Cabinet Office have recently issued Version 8 of the Security Policy Framework (SPF). This is the document that provides the overarching framework for security compliance with Government and for any organisations wishing to connect to the Government network or do business with HMG. Previously we have published versions of […]

Read More

Personal Email + Work Activity = High Risk Situation

Personal Email + Work Activity = High Risk Situation

Almost everyone has a personal email address, to the point where you are probably more shocked to discover someone who doesnt rather than a person who has several. In recent years, as the internet has become more embedded in our daily life this has exploded and people now access their email on their phone, tablets, […]

Read More

SPF – ISO27001 Control Mapping Tool – Free Download

SPF – ISO27001 Control Mapping Tool – Free Download

For any organisation looking to provide services to the UK Government, consideration of the Security Policy Framework (SPF) is essential and for most Government contracts audited compliance is required. Unfortunately, compliance with the SPF (and List X Status) doesnt often carry much weight in the wider world where customers and service partners will often demand […]

Read More

Security Policy Framework Compliance Tool

Security Policy Framework Compliance Tool

As we mentioned recently, the UK Government has released an updated version of the Security Policy Framework (SPF), which details the security requirements for government agencies and departments. It also applies to any private sector bodies providing services to the Government (such as List X companies). Where there is a requirement to comply with the […]

Read More

Security Policy Framework Compliance Checklist – available for download.

Security Policy Framework Compliance Checklist – available for download.

As previously mentioned, we have updated the SPF Compliance Checklist to make it suitable for use with Version 7 of the Security Policy Framework released a few weeks ago. The new checklist is now available for free download from our security resources section and provides you with the relevant audit points to assess compliance with […]

Read More

Updated Security Policy Framework – UK Government Security Standard

Updated Security Policy Framework – UK Government Security Standard

The UK Government has released an updated version of the Security Policy Framework (version 7) which reflects changing opinions on the best way to manage security risks within Government. The primary change with this new release is that the Mandatory Requirements have reduced from 68 in the previous version to 20 in the current version. […]

Read More

Data Protection Act – Calls for more powers while breaches continue

Data Protection Act – Calls for more powers while breaches continue

Earlier this week, the Justice Committee Ninth Report made the recommendation that the Information Commissioners should have the power to issue custodial sentences (prison time) for breaches of the Data Protection Act rather than be limited to the current system whereby a fine of up to £500,000 can be levied against those responsible for a […]

Read More

Document disposal – don’t take risks

Document disposal – don’t take risks

There has been a lot of press coverage over the recent incident where a cabinet office minister (Oliver Letwin) was observed throwing official documents into a public waste bin. Although it is not yet confirmed, it has been reported that these documents contained a mix of information relating to counter-terrorism and correspondence from his constituency […]

Read More

Hospital loses 800 patient’s data

Hospital loses 800 patient’s data

A report has apparently revealed that the East Surrey Hospital has lost an unencrypted USB drive containing the details of 800 patients. According to the Crawley Observer, this data included details such as dates of birth and medical operation details (and as such would be considered Sensitive Personal Data under the Data Protection Act 1998). In addition […]

Read More

Schools breach data protection rules

Schools breach data protection rules

Today the Information Commissioner’s Office announced a data protection act breach at the Bay House School in Hampshire which placed data belonging to nearly 20,000 people at risk. Reading the ICO report, it appears this breach was the result of an attack on its website and the fact that members of staff re-used passwords for […]

Read More

Ex-T-Mobile Employees Fined £73,700 for data theft

Ex-T-Mobile Employees Fined £73,700 for data theft

The ICO has issued another set of fines for misuse of personal data and violations of the Data Protection Act. This instance, however, is clear cut criminal behavior rather than business misuse, or misunderstanding, of the act. Also in this instance, it appears that the incident came to light after T-Mobile conducted an internal investigation and reported […]

Read More

Surrey Council Fined over DPA offences

Surrey Council Fined over DPA offences

The ICO has flexed its muscles against Surrey Council and imposed a £120,000 fine for breaching the Data Protection Act. While this falls well short of the maximum allowed in law (£500,000) it is larger than most of the recent fines issued. The likelihood is that the size of this offence was more driven by the repeated […]

Read More

Registration for the Second Cyber Security Challenge is Open

Registration for the Second Cyber Security Challenge is Open

If you are interesting in taking the UK governments “Cyber Security Challenge” – registration is now open. You can find more at the challenge website: https://cybersecuritychallenge.org.uk/ If you are planning to take part, then good luck.

Read More

Recent Tweets Recent Tweets