Category: CISO Blog

Category: CISO Blog

Brexit Deal and GDPR – Adequacy will follow [shortly]
29/12/2020 CISO Blog, DPO Blog, Security Advisory Blog EditoratLarge

The information contained in this article is provided for informational purposes only, and should not be construed as legal advice on any subject matter So…it’s here! Despite many saying it was not possible, a free trade deal has been done. Whether it’s a good deal or a bad deal for the UK is yet to

Read More
We need to talk about Information Security Policy…
08/12/2020 CISO Blog, DPO Blog, Operational Resilience Blog, Security Advisory Blog EditoratLarge

I’m sure you’re already well on the way to planning your 2021…what it’s December already? Yup, the annus horribilis that is 2020 is coming to an end. With multiple vaccines in the pipeline, 2021 should [hopefully] be a year where we can get things back to normal. Well, a new normal! Whilst 2020 has placed a number of restrictions

Read More
Ticketmaster Fine – ICO may hold you to PCI-DSS…and most likely Cyber Essentials and ISO 27001 too!
19/11/2020 CISO Blog, DPO Blog, Security Advisory Blog EditoratLarge

On an Ominous Friday the 13th, the UK Data Protection Regulator, the ICO, fined Ticketmaster UK Ltd £1.25million for a data protection breach that occurred over 9 weeks in 2018. In an interesting twist, some of the breach occurred pre-GDPR and some occurred post-GDPR. The 7-figure fine reflects the part of the breach that occurred

Read More
The Nightmare [Cyber Attack] before Christmas
15/11/2020 CISO Blog, DPO Blog, Operational Resilience Blog, Security Advisory Blog EditoratLarge

We’re now in the period between Halloween and Christmas. The Christmas music is now in the supermarkets (as they’re the only things open at the moment) and people are looking towards cobbling together some semblance of a family get-together subject to the local Coronavirus restrictions. Some people have already put up their decorations whilst others

Read More
Cascading Risk – What can we learn from the economic collapse of Angkor Wat
02/11/2020 CISO Blog, DPO Blog, Operational Resilience Blog, Security Advisory Blog EditoratLarge

Now I don’t know about you but, after months of Covid restrictions, there is now little left to watch. Having whistled my way through the entire MCU and the Star Wars nonet during lockdown I found myself flicking through the documentaries looking for something new to watch to decompress after a long day. I’ve avoided

Read More
UK Test and Trace – How to avoid failing at risk management
19/10/2020 CISO Blog, DPO Blog, Operational Resilience Blog, Security Advisory Blog EditoratLarge

The UK Test and Trace system has, again, come under fire for IT Glitches. The latest “glitch” is the manifestation of an obvious data quality risk. The test and trace system is overriding address information provided by student end users with data held in a central source. This issue has occurred because some bright spark

Read More
Risk Management – It’s a bit like a hungry baby!
02/07/2020 CISO Blog, DPO Blog, Operational Resilience Blog, Security Advisory Blog EditoratLarge

First things first – I am no parenting expert! Up until very recently, I thought that when a baby cries, they need one of four things…cuddles, feeding, nappy change or medical attention. Now it is still true that when a baby cries they most likely need one [or more] of those things. It is also

Read More
Locard’s Exchange – The Principle every Security Operations Analyst needs to know!
31/05/2020 CISO Blog, Security Advisory Blog EditoratLarge

An organisation can have all the security tools in the world. SIEM, UEBA, SOAR, you name it. Ultimately those tools will end up as shelfware if there isn’t a human being looking at the output. Sure, “AI” (or Machine Learning for non-Marketeers) can do a lot of the heavy lifting if properly configured. BUT at some point,

Read More
Operation CYGNUS – Was the UK’s Coronavirus response a failure based in assumption…?
07/05/2020 CISO Blog, Operational Resilience Blog, Security Advisory Blog EditoratLarge

So much has been discussed about the Tier One Command Post Pandemic planning exercise of 2016. For those who haven’t been part of the discussion, the Public Health England, on behalf of the Department of Health delivered a pandemic planning exercise between 18 to 20 October 2016. The exercise was primarily aimed at assessing high-level

Read More
Application Security – Zoom is a Knife Crime!
17/04/2020 CISO Blog, DPO Blog, Security Advisory Blog EditoratLarge

The news ebbs and flows and so too do people’s attitudes to the world around them. We are all influenced by the media. Take knife crime. In 2019, knife crime was a significant problem in London. So we should ban knives! Knives are dangerous! Knives should not be used under any circumstances. Why are you

Read More