Budgets are integral to every business. The start up’s business plan has to include budgets and the multinational will have an entire finance unit geared around making sure that every year the numbers are crunched, and budgets allocated. At a very fundamental level, a budget allows businesses to grow. It allows them to develop without going […]
Tag: Risk Management
Employee Security – High risk terminations
Employee security really does matter. Your employees are the lifeblood of every organisation. You put a lot of effort into hiring new staff, you train them, you nurture them and in return you get a massive amount of value. However, like it or not, there will come a point in time when even your best […]
Physical security is important for data protection
Physical security has always been a cornerstone of any Information Security program. As a topic, it is covered by every major security standard. Most have entire sections dedicated to physical security: ISO27001:2013 has A.11 “Physical and Environmental Controls”; the SoGP has CF3.3 “Sensitive Physical Information” and CF19 “Physical and Environmental Security”; PCI-DSS Requirement 9 mandates […]
Suspicious mail advice – Advice from NaCTSO
This communication regarding suspicious mail has been issued by the National Counter Terrorism Security Office (NaCTSO) and the Centre for Protection of the National Infrastructure (CPNI). Please feel free to forward it on wherever appropriate. If you would like more advice about your specific situation, what risks you might face from suspicious mail (or other […]
NHS Trust fined £200,000 following data disposal errors
Although it has a well-structured, well-run and reasonably well-resourced security management service, the NHS still seems to struggle with some aspects of compliance with the Data Protection Act. As a result, another NHS trust has fallen foul of the Information Commissioner’s Office (ICO) and been fined a significant amount of money. Based on […]
Governance failure costs £45,000
A breakdown of internal governance processes has led to the Information Commissioner’s Office (ICO) issuing a civil monetary penalty (fine) on Tameside Energy Services Ltd, a Manchester-based company claiming to offer a range of energy improvements and making heavy use of cold-call sales tactics. Showing a growing tendency to fine private companies, the ICO reported […]
Passwords are not bad, just don't trust vendors
Passwords are in the news again, with yet another headline crying out for the death of the password and claiming that everyone should move to two-factor authentication (2FA) for all their online activities. As with all these claims, it is worth looking at them in greater detail before we give up on one of the […]
Do you value your security?
We are in a new year now, the end of the world never materialised and everyone will be back at work, getting ready to push on with their New Year's resolutions – even the ones doomed to failure. Unfortunately, lots of the mistakes that were made last year will be repeated and it is likely that during […]
Bad Security – Taking Risks and Not Realising It
Another fine has been issued by the Information Commissioner’s Office (ICO) and, again, it is the result of something that could easily have been prevented if a bit of time and money had been spent in advance. On Thursday, 22 Nov 12, the ICO reported levying a £60,000 Civil Monetary Penalty (fine) on Plymouth City […]
Security is the cheaper option – stop avoiding it.
Another Data Protection Act fine (civil monetary penalty) was announced yesterday (25 Oct 12), and again it is largely the result of risk management mistakes, meaning that a cheap preventative measure was ignored and, instead, a fairly hefty fine has been paid. The fine came as a result of a solicitor acting on behalf of […]
ICO claims private sector leads the way on Data Protection Act compliance
Interestingly, a report from the ICO published yesterday has stated that the private sector appears to be more compliant with the requirements of the Data Protection Act than public sector bodies. The ICO press release reports the findings of a series of audits the Office has carried out between Feb 2010 and Jul 2012, on both […]
What price security?
One of the most challenging tasks facing any security professional is communicating the value of security to others within the organisation you work for. Unlike lots of other disciplines, there is a very unfortunate tendency for businesses (large and small) to view security as an “optional” extra which is only begrudgingly funded because some inconvenient regulation demands […]
Security is not a tool and your tools are not security
Quite rightly, information security is a hot topic for most businesses. This is driven by a combination of regulatory and legal compliance pressures and the unavoidable fact that information (data) has become a valuable asset which needs to be properly protected and managed. This is where good information security practices come in. With good security […]
LinkedIn to face £3m lawsuit over password breach
Following up on the news last week that LinkedIn had suffered a major security breach in which huge numbers of user account passwords were put at risk (previously discussed), there is news today that a Chicago resident has filed a class action lawsuit against the company seeking US$5,000,000 in damages. SC Magazine reports that the […]
Risk Management – Not Risk Avoidance
There is a commonly held misconception about risk management and, where this relates to security risk management, it is even more widespread, frequently to the detriment of organisations and businesses. Risk Management is not the same thing as Risk Avoidance and no matter how well you manage your risks, sometimes the bad thing will happen. […]