Companies often grapple with security frameworks as if they were a deeply theological question. Maybe you are a US multinational that has inherited NIST-based controls, but your clients want a certification of compliance which NIST 800-53 cannot provide. Maybe you are an organisation whose deeply technical experts reject broad-based controls in favour of
The Storting, the Norwegian Parliament, was targeted in a cyberattack in September 2020. Emails of MPs and members of staff were hacked. Measures have been taken, and the incident reported to the police. Looking online for further information, what stands out is the uniformity of the response.
Norsk Hydro values of care, courage and communication guiding company response to cyberattack
How do company values inspire your response? It went pear-shaped. Not sure exactly what happened, but a nasty message on screen, some speculation, and the decision to shut down. It may have had the urgency of “all the garbage mashers on the Detention Level”. Garmin India took the holding line of “maintenance”. It’s okay, this
On July 19th 2020, Blackbaud Inc released a statement on a security incident that they had experienced. This incident resulted in a data breach of UK data associated with a number of UK Universities and a number of charity organisations. A full list of affected UK legal entities has not been disclosed by Blackbaud Inc. The University
The Tim Hortons mobile app has caught the eye of the Canadian Privacy regulator. An investigation is to be conducted by the Canadian Privacy Authorities to assess whether consent to allow location monitoring was properly received by their mobile app. On the face of it, small beer (or coffee) and something just for the Canadians
ISO 27701 has come along to add another management system into the ISO camp. With the creation of a Privacy Management System (PMS), the International Standards Organisation (ISO) is looking to provide a compliance framework for global privacy legislation and regulation. There is a significant cost in evidencing compliance to any regulation, that most organisations
Maximum fine for Cathay Pacific
Cathay Pacific got slapped with a £500K fine from the UK ICO for its data breach that was discovered in March 2018. The ICO in its monetary penalty notice was happy to use the word “negligence” in describing Cathay Pacific’s behaviour that led to the incident. Cathay Pacific originally called
After giving CMMC v0.4 a bit of a butchering in September of last year, I thought it only fair to revisit the Cybersecurity Maturity Model Certification being proposed by the US DoD, that all third party contractors will have to adhere to from June 2020. I have to say I am pleasantly surprised with the