Operational Resilience Blog Archives

Category: Operational Resilience Blog

ICO News

News, Blogs and Speeches from the Information Commissioners Office (ICO)

Winner of the ICO’s Practitioner Award for Excellence in Data Protection 2020 announced
Recognising the increasingly vital role played by data protection professionals, the third ICO Practitioner Award for Excellence in Data Protection is awarded ton Barry Moult, Information Governance […]
Grwpiau cymunedol a COVID-19
Wrth i COVID-19 barhau i ysgubo ar draws y Deyrnas Unedig, mae mwy a mwy o bobl yn cael eu sbarduno i helpu'r rhai sy’n fwyaf agored i niwed yn ein cymunedau. Mae grwpiau eglwysig, cymdeithasau […]
Statement in response to the use of mobile phone tracking data to help during the coronavirus crisis
Statement in response to the use of mobile phone tracking data to help during the coronavirus crisis
Community groups and COVID-19: what you need to know about data protection
As COVID-19 continues to sweep across the UK, more and more people are driven to help the most vulnerable in our communities.
Council employee fined £400 for illegally deleted audio file
A council employee has been fined £400 for an offence under the Freedom of Information (FOI) regulations.

Coronavirus Load balancing – Understand it can’t be stopped. We’re just smoothing the peaks in demand.

Similar to the way your IT teams will be trying very hard to load balance the impact of all your extra remote working VPN connections, the government is trying to load balance the impact on the health service and the economy…keep calm and read on!

Calculating Risk – Where’s your Confidence?!

05/03/2020 CISO Blog, DPO Blog, Operational Resilience Blog, Security Advisory Blog EditoratLarge

When helping organisations navigate risk management Fox Red Risk is often faced with the task of determining methods for calculating risk. We prefer to use tried and tested methodologies but what we often find is that organisations, very rarely, are calculating risk properly. A key thing missing from the majority of implementation we see is

Asset Discovery for Cybersecurity & Data Protection – You can’t protect it if you don’t know it exists!

03/02/2020 CISO Blog, DPO Blog, Operational Resilience Blog, Security Advisory Blog EditoratLarge

There is an old management adage that what isn’t measured isn’t managed. It’s so true. Something similar applies to cybersecurity. If you don’t know an asset exists, how on earth can you protect that asset from a cyber-attack or data breach?! Asset Discovery is the number one exercise a new CISO (or Virtual CISO) should

Processor Contract – How Data Processors can inadvertently become Controllers…and why it matters!

27/01/2020 DPO Blog, Operational Resilience Blog, Security Advisory Blog EditoratLarge

For those of you who deal with the wonderful document that is a data processor contract. Whether you’re on the Controller side or the Processor side, you will know there are quite a few hoops to jump through. This is because GDPR strengthened the requirements of a Controller-Processor relationship, outlined in Article 28. That said,

Supply Chain Resilience – Who are your Backup Suppliers?

13/01/2020 CISO Blog, DPO Blog, Operational Resilience Blog, Security Advisory Blog EditoratLarge

Is your supply chain resilience programme reminiscent of the article image? Aged, poorly maintained, complex, hard-to-untangle. Do you carry out due diligence at the beginning of your engagements? More importantly, do you carry out ongoing governance and oversight? Even more importantly, does supply chain resilience form part of your wider operational resilience strategy or business

Security Incident Avoidance – Hackers know we’re away for Christmas…

23/12/2019 CISO Blog, Operational Resilience Blog, Security Advisory Blog EditoratLarge

It’s that time of year where many of us will be ensuring our organisations can still deal with a security incident whilst most of the workforce are at home watching Christmas movies like Die Hard – yes, it’s definitely a Christmas Movie. Hackers know businesses are running on skeleton staff during the holiday period so

CISO role: All C and no IA, the 33% CISOs failing their organisations!

23/08/2019 CISO Blog, Operational Resilience Blog EditoratLarge

In the last (maybe…) of my three-part CISO rant series (See Part One and Part Two if you want to catch up) I am going to wrap up with a rant about the 33% CISOs not giving their organisations of a full CISO role. These are the CISOs who think their role is solely about