Stefan Sokolowski – Page 2 – Cyber Controls Blog

ENISA’s Online Platform for Security of Personal Data Processing

Leave a Comment / ISO 27701, Security Controls / By Stefan Sokolowski

In December 2019, ENISA released an online platform to help Data Controllers and processors with the security controls applicable to personal data processing. The platform looks to tie together ISO 27001, ISO 27005, the GDPR requirements and some principles from ISO 27701, to provide a link between high-risk personal data processing and the security controls …

ENISA’s Online Platform for Security of Personal Data Processing Read More »

Travelex vs the ICO

Leave a Comment / Data breach / By Stefan Sokolowski

On the 8th January, the ICO in the UK confirmed that it had not received notification of a data breach at Travelex. Travelex seems to be under the misapprehension that because they claim no evidence exists of any data being taken, then a data breach has not yet been confirmed. Unfortunately, the GDPR is quite …

Travelex vs the ICO Read More »

Can one Cyberattack bring down an industry?

Leave a Comment / Data breach / By Stefan Sokolowski

The Travelex breach is still ongoing, having started on the 31st December 2019. Travelex has confirmed that it has not informed the ICO of the breach, even though lack of data availability is considered a breach under Article 32 of the GDPR. Aside from the obvious ransomware response issues generated here, there are a few …

Can one Cyberattack bring down an industry? Read More »

New ransomware advice from the FBI

Leave a Comment / Ransomware / By Stefan Sokolowski

The FBI has updated its advice to companies to be more understanding when companies decide to pay their attackers for the key. The updated advice says it does not advocate the payment of ransoms, but understands that a company faced with no alternative to recreating their data are in a difficult position. It is essentially …

New ransomware advice from the FBI Read More »

Third Party Assurance – A new dawn

Leave a Comment / Third Party Security Assurance / By Stefan Sokolowski

Historically, Third Party Assurance meant evaluating the financial resilience of an organisation to determine whether they were viable enough to deliver what you needed. Today, the Third-Party Assurance landscape has moved on significantly. Like the expanding Universe, Third Party Assurance regulation, legislation and requirements seem to be accelerating. Anti-money laundering, Bribery and Corruption, Modern Slavery, …

Third Party Assurance – A new dawn Read More »

Are you Breach ready?

Leave a Comment / Data breach / By Stefan Sokolowski

There is a lot to be said for the similarities between getting breach ready, and getting beach ready. Both require careful planning and a relentless focus. Both also ensure that you are not left with your arse hanging out. Effort Both require effort. Breach preparations requires a detailed understanding of the business, of business-critical applications …

Are you Breach ready? Read More »

Third Party Security Assurance Questions – Part 2

Leave a Comment / Third Party Security Assurance / By Stefan Sokolowski

We left off last time out on Risk Treatment. The previous post is here. So following up using ISO 27001 as a base for our questions, the next section would be Performance Evaluation. Performance Evaluation In ISO 27001 speak, this is the monitoring of your security controls. You can understand a lot about the maturity …

Third Party Security Assurance Questions – Part 2 Read More »