CISO Blog Archives » Fox Red Risk

Category: CISO Blog

ICO News

News, Blogs and Speeches from the Information Commissioners Office (ICO)

Blog: Data ethics and the digital economy

We’ve just appointed our first data ethics adviser, Ellis Parry, to consider data protection and ethics challenges over the next year.
Why special category personal data needs to be handled even more carefully

Imagine if your medical records, information about your sex life or your political opinions were put into the public domain so anyone could see them. When personal data is shared by mistake the […]
Bond Lecture 2019: ‘Access to Information in Turbulent Times’

Gill Bull, ICO’s Director of Freedom of Information Complaints and Compliance, speech at the British Records Association in London, 13 November 2019.
Information Commissioner reminds political parties they must comply with the law ahead of General Election

The Information Commissioner has sent the following letter to the political parties in relation to the use of data in political campaigning
Live facial recognition technology – police forces need to slow down and justify its use

As far back as Sir Robert Peel, the powers of the police have always been seen as dependent on public support of their actions. It’s an ideal starting point as we consider uses of technology […]

Business Continuity & 22301:2019 – Do I need to get new BC Software?

Here are some changes in the 2019 version of 22301 that could mean your current Business Continuity software solution may no longer be fit-for-purpose.

Data Breach: 10% of affected businesses closed down in 2019…or did they…?

23/10/2019 CISO Blog, DPO Blog, Security Advisory Blog admin

I know there is a rush to get things out the door and I am very grateful for those who report on data breach stats but this article from Dark Reading piqued my interest: 10% of Small Businesses Breached Shut Down in 2019. Whenever I see a statistic like this I am always a little

Security KRI – Are the Management Team walking around naked?

15/10/2019 CISO Blog, Security Advisory Blog admin

Poorly defined security KRI or Key Risk Indicators can give your senior management team a false sense of security but is a fear of presenting a potentially negative picture akin to the Hans Christian Anderson tale, ‘The Emporer’s New Clothes’? In this fairytale two tailors promise their emperor a new suit and tell him that

Climate Change Solved: GDPR mitigates climate change risk!

01/10/2019 CISO Blog, DPO Blog, Security Advisory Blog admin

Whether you believe climate change is a real thing or not there is no arguing 16-year-old Greta Thunberg is making headlines. Her efforts to raise awareness about this key issue of our time are pretty impressive. Whilst some people don’t think climate change is real, as a person who believes in evidence-based decision-making, I am going to pin my colours

Technical Debt: A Cautionary Tale!

19/09/2019 CISO Blog, DPO Blog admin

Once an organisation understands the technical debt borrowed by its project managers the more likely projects will deliver the expected outcomes.

Securing small businesses – block ‘most’ external cyber threats with these four low-cost controls

12/09/2019 CISO Blog, Security Advisory Blog admin

Securing small businesses is a different type of challenge to securing a larger organisation. Doing these four things could block most external cyber threats!

Security ROI: The only Board-level cybersecurity metric you’ll ever need.

04/09/2019 CISO Blog admin

if the CISO isn’t providing their Board with a security ROI figure, then it’s quite probable the organisation is spending too much on the wrong things.

CISO role: All C and no IA, the 33% CISOs failing their organisations!

23/08/2019 CISO Blog admin

In the last (maybe…) of my three-part CISO rant series (See Part One and Part Two if you want to catch up) I am going to wrap up with a rant about the 33% CISOs not giving their organisations of a full CISO role. These are the CISOs who think their role is solely about

Security Strategy: If you want to run a SOC, you’re not ready to be a CISO

17/08/2019 CISO Blog admin

A CISO is a strategic role, not an operational role – if you still want to run a Security Operations Centre (SOC) then (attitudinally at least) you’re not ready to be a CISO…here’s why…

CISO Reporting Line: Your CISO should not report to the CIO or the COO or the CFO…here’s my rant as to why it’s bad Joo Joo!

16/08/2019 CISO Blog admin

The CISO reporting line is to 1 of 2 roles. The CRO if the CRO sits on the senior management team. If no CRO, then CISO should report to CEO directly.