Security Controls

Biden’s Executive Order – A cloud migration to make the moon landing look simple

On the 22nd May 2021, President Joe Biden signed an executive order to improve the national cybersecurity posture. Section 2 of the Executive Order was all about sharing threat and incident data between government and service providers. Section 3 takes Government Agency IT by the scruff of the neck and looks to drag it into …


Biden’s Cyber Executive Order – One SIEM to rule them all?

I started off looking to write a summary of the Cyber Resilience Executive Order released on the 12th May 2021 by President Biden. Unfortunately, this is a much larger task than first envisaged. There is a huge amount of material condensed into a single document. The document is long and dense (but dense in the …


ENISA’s Online Platform for Security of Personal Data Processing

In December 2019, ENISA released an online platform to help Data Controllers and processors with the security controls applicable to personal data processing. The platform looks to tie together ISO 27001, ISO 27005, the GDPR requirements and some principles from ISO 27701, to provide a link between high-risk personal data processing and the security controls …


Implementing ISO 27701 – Privacy for ISO 27001

When the GDPR came into force on the 25th May 2018, a number of Articles referred to the creation of certification schemes that could be approved by Authorities, to make it easier for data subjects to understand whether an organisation had appropriate privacy controls. Implementing ISO 27701 looks like the easiest route currently to this …


Data breaches at Access Aggregators

As cybercrime adapts to general business circumstances, a likely trend is the targeting of service providers who look after access control for other businesses. As small businesses look for support in moving to the cloud, many cloud solution providers are springing up to act as middle-men between the business and the cloud providers like AWS …
