Halkyn Security Blog
Specialist Security & Risk Management Consultants

Posts tagged Risk Management

Budgets – Security’s friend or foe

Budgets need to be managed properly or security suffers

Budgets are integral to every business. The start-up’s business plan has to include budgets, and the multinational will have an entire finance unit geared around making sure that every year the numbers are crunched and budgets allocated. At a very fundamental level, a budget allows businesses to grow. It allows them to develop without going […]

Read More

Employee Security – High risk terminations

Employee security: Layoffs are high risk situations.

Employee security really does matter. Your employees are the lifeblood of every organisation. You put a lot of effort into hiring new staff, you train them, you nurture them and in return you get a massive amount of value. However, like it or not, there will come a point in time when even your best […]

Read More

Physical security is important for data protection

Physical Security Assessment Form - Free Download

Physical security has always been a cornerstone of any Information Security program. As a topic, it is covered by every major security standard, and most have entire sections dedicated to physical security: ISO27001:2013 has A.11 “Physical and Environmental Security”, the SoGP has CF3.3 “Sensitive Physical Information” and CF19 “Physical and Environmental Security”, and PCI-DSS Requirement 9 mandates […]

Read More

Suspicious mail advice – Advice from NaCTSO

This communication regarding suspicious mail has been issued by the National Counter Terrorism Security Office (NaCTSO) and the Centre for Protection of the National Infrastructure (CPNI). Please feel free to forward it on wherever appropriate. If you would like more advice about your specific situation, what risks you might face from suspicious mail (or other […]

Read More

NHS Trust fined £200,000 following data disposal errors

NHS & Healthcare Security - Sensitive data needs proper protection.

Although it has a well structured, well run and reasonably well resourced security management service, the NHS still seems to struggle with some aspects of compliance with the Data Protection Act. As a result, another NHS trust has fallen foul of the Information Commissioner’s Office (ICO) and been fined a significant amount of money. Based on […]

Read More

Governance failure costs £45,000

Telesales can be effective at promoting your business but you need good governance in place to make it work for you.

A breakdown of internal governance processes has led to the Information Commissioner’s Office (ICO) issuing a civil monetary penalty (fine) on Tameside Energy Services Ltd, a Manchester based company claiming to offer a range of energy improvements and making heavy use of cold-call sales tactics. Showing a growing tendency to fine private companies, the ICO reported […]

Read More

Passwords are not bad, just don’t trust vendors

Passwords are in the news again, with yet another headline crying out for the death of the password and claiming that everyone should move to two factor authentication (2FA) for all their online activities. As with all these claims, it is worth looking at them in greater detail before we give up on one of the […]

Read More

Do you value your security?

We are in a new year now, the end of the world never materialised and everyone will be back at work, getting ready to push on with their new year’s resolutions – even the ones doomed to failure. Unfortunately, lots of the mistakes that were made last year will be repeated and it is likely that during […]

Read More

Bad Security – Taking Risks and Not Realising It

Another fine has been issued by the Information Commissioner’s Office (ICO) and, again, it is the result of something that could easily have been prevented if a bit of time and money had been spent in advance. On Thursday, 22 Nov 12, the ICO reported levying a £60,000 Civil Monetary Penalty (fine) on Plymouth City […]

Read More

Security is the cheaper option – stop avoiding it.

Another Data Protection Act fine (civil monetary penalty) was announced yesterday (25 Oct 12), and again it is largely the result of risk management mistakes: a cheap preventative measure was ignored and, instead, a fairly hefty fine has been paid. The fine came as a result of a solicitor acting on behalf of […]

Read More

ICO claims private sector leads the way on Data Protection Act compliance

Interestingly, a report from the ICO published yesterday states that the private sector appears to be more compliant with the requirements of the Data Protection Act than public sector bodies. The ICO press release reports the findings of a series of audits the Office carried out between Feb 2010 and Jul 2012 on both […]

Read More

What price security?

One of the most challenging tasks facing any security professional is communicating the value of security to others within the organisation. Unlike lots of other disciplines, there is a very unfortunate tendency for businesses (large and small) to view security as an “optional” extra which is only begrudgingly funded because some inconvenient regulation demands […]

Read More

Security is not a tool and your tools are not security

Quite rightly, information security is a hot topic for most businesses. This is driven by a combination of regulatory and legal compliance pressures and the unavoidable fact that information (data) has become a valuable asset which needs to be properly protected and managed. This is where good information security practices come in. With good security […]

Read More

LinkedIn to face £3m lawsuit over password breach

Following up on the news last week that LinkedIn had suffered a major security breach in which huge numbers of user account passwords were put at risk (previously discussed), there is news today that a Chicago resident has filed a class action lawsuit against the company seeking US$5,000,000 in damages. SC Magazine reports that the […]

Read More

Risk Management – Not Risk Avoidance

There is a commonly held misconception about risk management and, where this relates to security risk management, it is even more widespread, frequently to the detriment of organisations and businesses. Risk Management is not the same thing as Risk Avoidance and no matter how well you manage your risks, sometimes the bad thing will happen. […]

Read More