Stefan Sokolowski – Cyber Controls Blog

Biden’s Executive Order – A cloud migration to make the moon landing look simple

Leave a Comment / Security Controls / By Stefan Sokolowski

On the 22nd May 2021, President Joe Biden signed an executive order to improve the national cybersecurity posture. Section 2 of the Executive order was all about sharing threat and incident data between government and service providers. Section 3 takes Government Agency IT by the scruff of the neck and looks to drag it into …

Biden’s Executive Order – A cloud migration to make the moon landing look simple Read More »

Biden’s Cyber Executive Order – One SIEM to rule them all?

Leave a Comment / Security Controls / By Stefan Sokolowski

I started off looking to write a summary of the Cyber Resilience Executive Order released on the 12th May 2021 by President Biden. Unfortunately, this is a must larger task than first envisaged. There is a huge amount of material condensed into a single document. The document is long and dense (but dense in the …

Biden’s Cyber Executive Order – One SIEM to rule them all? Read More »

The Ransomware Taskforce – a 20th century solution to a 21st century problem?

Leave a Comment / Ransomware / By Stefan Sokolowski

The Institute for Security+Technology released a recommendations report on the 30th April 2021 with the help of a list of industry players, to try to stem the tsunami that is ransomware. The 81-page report says all the right kind of things, but the reader is left to wonder just how many Zoom meetings will be consumed in …

The Ransomware Taskforce – a 20th century solution to a 21st century problem? Read More »

The BA GDPR Penalty notice in detail

Leave a Comment / Data breach / By Stefan Sokolowski

Sometimes the greatest lessons learnt are taken from the failures of others. This is likely to be the case with the BA GDPR fine, which landed on the BA HQ doormat on the 16th October 2020. After a year of negotiating and legal representations, the ICO in the UK finally issued the much-awaited penalty. At £20m, …

The BA GDPR Penalty notice in detail Read More »

ISO 27001 verses NIST: the cyber wars

Leave a Comment / ISO 27001 / By Stefan Sokolowski

Companies often grapple with security frameworks as if it were a deeply theological question. Maybe you are a US multinational that has inherited NIST based controls but your clients want a certification of compliance which the NIST 800-53 cannot provide. Maybe you are an organisation who’s deeply technical experts reject broad-based controls in favour of …

ISO 27001 verses NIST: the cyber wars Read More »

ISO 27701 does not cover the GDPR out of the box

Leave a Comment / ISO 27701 / By Stefan Sokolowski

ISO 27701 has come along to add another management system into the ISO camp. With the creation of a Privacy Management System (PMS), the International Standards Organisation (ISO) is looking to provide a compliance framework for global privacy legislation and regulation. There is a significant cost in evidencing compliance to any regulation, that most organisations …

ISO 27701 does not cover the GDPR out of the box Read More »

Negligence provides shareholder value

Leave a Comment / Data breach / By Stefan Sokolowski

Maximum fine for Cathay Pacific Cathay Pacific got slapped with a £500K fine from the UK ICO for its data breach that was discovered in March 2018. The ICO in its monetary penalty notice was happy to use the word “negligence” in describing Cathay Pacific’s behaviour that led to the incident. Cathay Pacific originally called …

Negligence provides shareholder value Read More »

A review of the CMMC v1.0

Leave a Comment / Security Controls, Third Party Security Assurance / By Stefan Sokolowski

After giving CMMC v0.4 a bit of a butchering in September of last year, I thought it only fair to revisit the Cybersecurity Maturity Model Certification being proposed by the US DoD, that all third party contractors will have to adhere to from June 2020. I have to say I am pleasantly surprised with the …

A review of the CMMC v1.0 Read More »