Skip to main content

Physical security is important for data protection

Physical Security Assessment Form - Free Download

Physical security has always been a cornerstone of any Information Security program. As a topic, it is covered by every major security standard. Most have entire sections dedicated to physical security: ISO27001:2013 has A.11 “Physical and Environmental Controls“ The SoGP has CF3.3 “Sensitive Physical Information” and CF19 “Physical and Environmental Security” PCI-DSS Requirement 9 mandates […]

December DPA Breach Fines

Payday loan companies need to be aware of the DPA and PECR.

The run up to Christmas 2013 has shown that the Information Commissioners Office is still busy fining organisations and individuals for breaches of the Data Protection Act (DPA). In December two new civil monetary penalties were issued with a total of over £175,000. Both cases highlighted the value of being proactive and implementing good security […]

Physical Security – It still matters

Good physical security protects your information.

When it comes to security, there is an unfortunate tendency for organisations (large and small) to fall into the trap of treating their physical security as something separate or different from their information security needs. Despite physical security having a place in every international security standard (such as ISO 27001), ownership of physical risks often […]

Fax machines – not suitable for sensitive data

Fax Machines - out of date and insecure

It seems some technologies are hard to get rid of and it seems that people are still using fax machines to send data despite them being slow, cumbersome, unreliable and, most importantly, insecure. As it is 2013, it should go without saying that fax machines are not an appropriate mechanism to send anything sensitive and […]

Another lack of encryption leads to a Data Protection Act Fine

NHS & Healthcare Security - Sensitive data needs proper protection.

On Friday, 15 Feb 13, the Information Commissioner’s Office (ICO) announced that the UK Nursing and Midwifery Council (NMC) had been fined £150,000 for a breach of the data protection act. (It is worth bearing in mind that the NMC has recently raised the registration fees for Nurses to £100 per year) It seems that […]

Mandatory Reporting of Data Security Breaches

It has been announced that the European Commission, together with the High Representative of the Union for Foreign Affairs and Security Policy, is looking to bring in mandatory reporting of information security breaches, at least within some industry sectors. In an interesting press release titled “EU Cybersecurity plan to protect open internet and online freedom […]