Incident response is a vital component of every organisation’s security. It provides the safety net for when the inevitable happens and other controls fail. A good incident response team will also have subject matter experts who can guide your entire organisation’s security strategy. If you take security even slightly seriously, you will have an incident […]
Tag: Security Management
Employee Security – High risk terminations
Employee security really does matter. Your employees are the lifeblood of every organisation. You put a lot of effort into hiring new staff, you train them, you nurture them and in return you get a massive amount of value. However, like it or not, there will come a point in time when even your best […]
Prison Service in NI Warned over Data Breach
The prison service in Northern Ireland has been warned by the ICO over another data breach. The ICO press release is available online: http://ico.org.uk/news/latest_news/2014/prison-service-warned-after-maze-records-sold-at-auction-18062014 This incident relates to the Prison Service auctioning off a cabinet containing records from the Maze prison. Interestingly, this breach took place in 2004, when the Northern Ireland Office was responsible, but nothing […]
NHS Trust fined £200,000 following data disposal errors
Although it has a well structured, well run and reasonably well resourced security management service, the NHS still seems to struggle with some aspects of compliance with the Data Protection Act. As a result, another NHS trust has fallen foul of the Information Commissioner’s Office (ICO) and been fined a significant amount of money. Based on […]
Security design – physical security measures
Physical security really does matter. When it comes to protecting your property, stock, customers, employees or other assets, the physical security measures you can put in place form the foundations for any other loss prevention or information security program. Implementing good physical security measures saves you money in the long run and is often a […]
Do you value your security?
We are in a new year now, the end of the world never materialised and everyone will be back at work, getting ready to push on with their New Year’s resolutions – even the ones doomed to failure. Unfortunately, lots of the mistakes that were made last year will be repeated and it is likely that during […]
ICO fines text spammers nearly £500,000
Last week the ICO reported that the directors of a company heavily engaged in spam texting (sending unsolicited commercial messages to people via their mobile / cellular phone) have been fined significant sums of money – this is the first action from the ICO using new powers granted in January 2012. This was an investigation […]
Bad Security – Taking Risks and Not Realising It
Another fine has been issued by the Information Commissioner’s Office (ICO) and, again, it is the result of something that could easily have been prevented if a bit of time and money had been spent in advance. On Thursday, 22 Nov 12, the ICO reported levying a £60,000 Civil Monetary Penalty (fine) on Plymouth City […]
ICO claims private sector leads the way on Data Protection Act compliance
Interestingly, a report from the ICO published yesterday has stated that the private sector appears to be more compliant with the requirements of the Data Protection Act than public sector bodies. The ICO press release reports the findings of a series of audits the Office has carried out between Feb 2010 and Jul 2012, on both […]
Security is not a tool and your tools are not security
Quite rightly, information security is a hot topic for most businesses. This is driven by a combination of regulatory and legal compliance pressures and the unavoidable fact that information (data) has become a valuable asset which needs to be properly protected and managed. This is where good information security practices come in. With good security […]
Supplier Security Self-Assessment Questionnaire
Following on from the recent issues experienced by The Scottish Borders Council, we have been asked several times about what can be done to build some assurance into supply chain security. At a very fundamental level, the solution is surprisingly simple: Carry out a security assessment on your supplier. It really is that easy. Visit […]
NHS Security Breaches Continue
Given the level of fines (“Civil Monetary Penalties”) the Information Commissioner’s Office levied against the NHS in June, you would be forgiven for thinking that the Health Service would have exerted considerable effort to prevent any further fines. However, this doesn’t seem to be the case. Since we last discussed this, the NHS has been […]
LinkedIn to face £3m lawsuit over password breach
Following up on the news last week that LinkedIn had suffered a major security breach in which huge numbers of user account passwords were put at risk (previously discussed), there is news today that a Chicago resident has filed a class action lawsuit against the company seeking US$5,000,000 in damages. SC Magazine reports that the […]
Risk Management – Not Risk Avoidance
There is a commonly held misconception about risk management and, where this relates to security risk management, it is even more widespread, frequently to the detriment of organisations and businesses. Risk Management is not the same thing as Risk Avoidance and no matter how well you manage your risks, sometimes the bad thing will happen. […]
Security Metrics – Measure the right thing
Every business needs to have a way of making sure that the money it spends on things is justified by the value those things have to the business. Entire industries have grown up around developing ways to measure how much items cost to produce, how much it costs to get them to the market and, […]