Fox Red Risk
The Cyber Security and Data Protection Consultancy
Want to Learn More about Cyber Security & GDPR
-
Let’s Avoid a Cost-of-Hacking Crisis this Christmas!
Normally around this time of year, I pick a nice Christmas film and write a themed piece to remind the defenders that whilst they are playing the new Call of Duty, hackers from around the world might be playing on their corporate networks. This year is different, there are many people who are struggling thisRead More -
DSAR – Dealing with the Contentious Data Subject Access Request
Data Subject Access Requests (DSARs) can be onerous at the best of times but there are some situations which send a shudder down the backs of many a Data Protection Officer. The DSAR could be from a long-standing customer of many years who has been the victim of fraud. It could come from a parentRead More -
Vulnerability Scanning – It’s not all about the High and Critical items!
Don’t blindly trust the output of automated scans. This article talks about the key mistakes made when scanning for vulnerabilities.
Read More -
P&O – What’s in a Name: A Case Study in Brand Risk
What's in a company name. Quite a lot. It's a key part of an organisation's brand. It's how customers identify an organisation. A company's name is sacrosanct! Organisations want their customers to think positively about their name. They want their customers to tell their friends positive things about their experiences with their brand. What organisationsRead More -
ISO 27001:2022 – Information Classification – Is it now time for #ABIC
Information Classification (IC) is core to an effective security programme. After Asset Management, it's probably the most important component of an Information Security Management System. For those already certified to the current version of 27001, your old information classification system is likely to need a revamp. The new 27002:2022 control guidelines have been updated to reflectRead More -
Security Awareness is Dead. Long Live Security Activism!
At the end of 2019, I wrote an article "Security Awareness Dies - My 2020 Prediction" where I talk about how the way organisations go about awareness training is not a great return on investment. The core message was that information security professionals should think about awareness differently. We need to take the opportunity thatRead More
