As per a previous post, it looks like ransomware is now the easiest way of making money on the Internet, for anyone that thinks they can get away with breaking the law. I’m going to take a different view of this news, and concentrate on why this makes sense as a method of extracting money …
Part 4 of a series on implementing ISO 27701 as a way to gain Privacy Certification. Click here for the rest of the series. Human Resource Security The ISO 27701 standard chooses not to add any additional guidance to this set of clauses with the exception of training and awareness. This seems to be an …
Part 3 of the series looks at the applicable controls in ISO 27002 and the impact of Privacy on them. Click here to see the rest of the series. Policies The additional implementation guidance within ISO 27701 on this is slightly confused. In ISO 27002 under A.5.1.1, it is a very clear requirement that you …
In my previous blog post, we looked at Context and Leadership. This post will pick up from Planning and cover the rest of clause 5 of the ISO 27701 standard. Planning is mainly focused on risk assessment and risk treatment. Information Security Risk Assessment The ISO 27701 standard seems to imply a separation of information …
When the GDPR came into force on the 25th May 2018, a number of Articles referred to the creation of certification schemes that could be approved by Authorities, to make it easier for data subjects to understand whether an organisation had appropriate privacy controls. Implementing ISO 27701 looks like the easiest route currently to this …
Organisations spend considerable sums of money to protect themselves against the cyber risks that they see in front of them. Unfortunately, you can’t manage what you can’t see. This has been the problem with third party assurance for a significant length of time. Historically, data was fairly immobile with mainframes and the lack of an …
We can generally gauge the level of preparation and understanding a company has about their own cyber security by the way they respond externally to a cyber incident. There have been some notable examples over the years where cyber security professionals have had to put palm to face on some of the media responses placed …
Discussions at Board level on Cyber Security are generally low on reality and high on rhetoric. This is due to the meeting of two very different worlds. Between a CISO who appears to be claiming Armageddon on a daily basis unless the Board fund all requirements, and a Board who don’t have enough knowledge to …
What every Board member needs to know about Cyber Read More »
As cybercrime adapts to general business circumstances, a likely trend is the targeting of service providers who look after access control for other businesses. As small businesses look for support in moving to the cloud, many cloud solution providers are springing up to act as middle-men between the business and the cloud providers like AWS …
The recent BA and Marriott proposed ICO fines weighing in at just shy of £300m. What other organisations are currently sweating over being tapped on the shoulder by the ICO? Since June 2018, we have had a few notable data breaches worldwide. Each may have EU residents in their number and have the potential to …
