Halkyn Security Blog
Specialist Security & Risk Management Consultants

Posts tagged Security Management

Incident Response – 5 key stakeholder groups

Incident Response - Your team can't function in a vacuum.

Incident response is a vital component of every organisation's security. It provides the safety net for when the inevitable happens and other controls fail. A good incident response team will also have subject matter experts who can guide your entire organisation’s security strategy. If you take security even slightly seriously, you will have an incident […]

Employee Security – High risk terminations

Employee security: Layoffs are high risk situations.

Employee security really does matter. Your employees are the lifeblood of every organisation. You put a lot of effort into hiring new staff, you train them, you nurture them and in return you get a massive amount of value. However, like it or not, there will come a point in time when even your best […]

Prison Service in NI Warned over Data Breach

Prison Service warned over data breach

The prison service in Northern Ireland has been warned by the ICO over another data breach. The ICO press release is available online: http://ico.org.uk/news/latest_news/2014/prison-service-warned-after-maze-records-sold-at-auction-18062014 This incident relates to the Prison Service auctioning off a cabinet containing records from the Maze prison. Interestingly, this breach took place in 2004, when the Northern Ireland Office was responsible, but nothing […]

NHS Trust fined £200,000 following data disposal errors

NHS & Healthcare Security - Sensitive data needs proper protection.

Although it has a well structured, well run and reasonably well resourced security management service, the NHS still seems to struggle with some aspects of compliance with the Data Protection Act. As a result, another NHS trust has fallen foul of the Information Commissioner’s Office (ICO) and been fined a significant amount of money. Based on […]

Security design – physical security measures

Protect your assets

Physical security really does matter. When it comes to protecting your property, stock, customers, employees or other assets, the physical security measures you can put in place form the foundations for any other loss prevention or information security program. Implementing good physical security measures saves you money in the long run and is often a […]

Do you value your security?

We are in a new year now, the end of the world never materialised and everyone will be back at work, getting ready to push on with their New Year's resolutions – even the ones doomed to failure. Unfortunately, lots of the mistakes that were made last year will be repeated and it is likely that during […]

ICO fines text spammers nearly £500,000

Last week the ICO reported that the directors of a company heavily engaged in spam texting (sending unsolicited commercial messages to people via their mobile / cellular phone) have been fined significant sums of money – this is the first action from the ICO using new powers granted in January 2012. This was an investigation […]

Bad Security – Taking Risks and Not Realising It

Another fine has been issued by the Information Commissioner’s Office (ICO) and, again, it is the result of something that could easily have been prevented if a bit of time and money had been spent in advance. On Thursday, 22 Nov 12, the ICO reported levying a £60,000 Civil Monetary Penalty (fine) on Plymouth City […]

ICO claims private sector leads the way on Data Protection Act compliance

Interestingly, a report from the ICO published yesterday has stated that the private sector appears to be more compliant with the requirements of the Data Protection Act than public sector bodies. The ICO press release reports the findings of a series of audits the Office has carried out between Feb 2010 and Jul 2012, on both […]

Security is not a tool and your tools are not security

Quite rightly, information security is a hot topic for most businesses. This is driven by a combination of regulatory and legal compliance pressures and the unavoidable fact that information (data) has become a valuable asset which needs to be properly protected and managed. This is where good information security practices come in. With good security […]

Supplier Security Self-Assessment Questionnaire

Following on from the recent issues experienced by The Scottish Borders Council, we have been asked several times about what can be done to build some assurance into supply chain security. At a very fundamental level, the solution is surprisingly simple: Carry out a security assessment on your supplier. It really is that easy. Visit […]

NHS Security Breaches Continue

Given the level of fines (“Civil Monetary Penalties”) the Information Commissioner’s Office levied against the NHS in June, you would be forgiven for thinking that the Health Service would have exerted considerable effort to prevent any further fines. However, this doesn't seem to be the case. Since we last discussed this, the NHS has been […]

LinkedIn to face £3m lawsuit over password breach

Following up on the news last week that LinkedIn had suffered a major security breach in which huge numbers of user account passwords were put at risk (previously discussed), there is news today that a Chicago resident has filed a class action lawsuit against the company seeking US$5,000,000 in damages. SC Magazine reports that the […]

Risk Management – Not Risk Avoidance

There is a commonly held misconception about risk management and, where this relates to security risk management, it is even more widespread, frequently to the detriment of organisations and businesses. Risk Management is not the same thing as Risk Avoidance and no matter how well you manage your risks, sometimes the bad thing will happen. […]

Security Metrics – Measure the right thing

Every business needs to have a way of making sure that the money it spends on things is justified by the value those things have to the business. Entire industries have grown up around developing ways to measure how much items cost to produce, how much it costs to get them to the market and, […]
