CISO Blog Archives » Fox Red Risk

Category: CISO Blog

ICO News

News, Blogs and Speeches from the Information Commissioners Office (ICO)

Statement in response to media enquiries about the Data Protection Impact Assessment for the NHSX’s trial of contact tracing app
“We are reviewing the Data Protection Impact Assessment for NHSX’s pilot of its contact tracing app in the Isle of Wight. We’ll feedback our comments as quickly as possible so that […]
ICO statement on Adtech work
Statement from the ICO
Information Commissioner sets out new priorities for UK data protection during COVID-19 and beyond
A blog by Elizabeth Denham, Information Commissioner.
COVID-19 contact tracing: data protection expectations on app development
Information Commissioner Elizabeth Denham and Head of Technology and Innovation Simon McDougall appear before the Human Rights Joint Committee on 4 May 2020.
Statement in response to details about an NHSX contact tracing app to help deal with the COVID-19 pandemic
Statement in response to details about an NHSX contact tracing app to help deal with the COVID-19 pandemic.

Operation CYGNUS – Was the UK’s Coronavirus response a failure based in assumption…?

So much has been discussed about the Tier One Command Post Pandemic planning exercise of 2016. For those who haven’t been part of the discussion, the Public Health England, on behalf of the Department of Health delivered a pandemic planning exercise between 18 to 20 October 2016. The exercise was primarily aimed at assessing high-level

Application Security – Zoom is a Knife Crime!

17/04/2020 CISO Blog, DPO Blog, Security Advisory Blog EditoratLarge

The news ebbs and flows and so too do people’s attitudes to the world around them. We are all influenced by the media. Take knife crime. In 2019, knife crime was a significant problem in London. So we should ban knives! Knives are dangerous! Knives should not be used under any circumstances. Why are you

Morrisons NOT vicariously liable for employee data protection breach says UK Supreme Court

01/04/2020 CISO Blog, DPO Blog, Security Advisory Blog EditoratLarge

Firstly – This is legal information of general interest and does not constitute legal advice of any kind. On April 1, 2020, the UK Supreme Court today handed down their judgement in the case of WM Morrisons Supermarkets plc (Appellant) v Various Claimants (Respondent), case UKSC 2018/0213. The Supreme Court unanimously ruled that Morrisons were not

Coronavirus Load balancing – Understand it can’t be stopped. We’re just smoothing the peaks in demand.

14/03/2020 CISO Blog, Operational Resilience Blog, Security Advisory Blog EditoratLarge

Similar to the way your IT teams will be trying very hard to load balance the impact of all your extra remote working VPN connections, the government is trying to load balance the impact on the health service and the economy…keep calm and read on!

Calculating Risk – Where’s your Confidence?!

05/03/2020 CISO Blog, DPO Blog, Operational Resilience Blog, Security Advisory Blog EditoratLarge

When helping organisations navigate risk management Fox Red Risk is often faced with the task of determining methods for calculating risk. We prefer to use tried and tested methodologies but what we often find is that organisations, very rarely, are calculating risk properly. A key thing missing from the majority of implementation we see is

Virtual CISO – Dispelling the Myths!

22/02/2020 CISO Blog, Security Advisory Blog EditoratLarge

The virtual CISO or virtual Chief Information Security Officer is a relatively new concept and with that comes a few misunderstandings of what the client actually gets (i.e. solid cybersecurity protection for your business). The word “virtual” probably doesn’t do us any favours but let’s look at some of the more common misconceptions about a

Cybersecurity Skills Gap – Who is doing the teaching…and who should provide the funding?

10/02/2020 CISO Blog, Security Advisory Blog EditoratLarge

It seems like every other day there is yet another article highlighting the impending apocalypse of the cybersecurity skills gap. The articles often moan that it is the fault of the employer for wanting qualified personal (who knew) and then try to solve the problem essentially with the advice: Why not hire someone who wants

Asset Discovery for Cybersecurity & Data Protection – You can’t protect it if you don’t know it exists!

03/02/2020 CISO Blog, DPO Blog, Operational Resilience Blog, Security Advisory Blog EditoratLarge

There is an old management adage that what isn’t measured isn’t managed. It’s so true. Something similar applies to cybersecurity. If you don’t know an asset exists, how on earth can you protect that asset from a cyber-attack or data breach?! Asset Discovery is the number one exercise a new CISO (or Virtual CISO) should

Supply Chain Resilience – Who are your Backup Suppliers?

13/01/2020 CISO Blog, DPO Blog, Operational Resilience Blog, Security Advisory Blog EditoratLarge

Is your supply chain resilience programme reminiscent of the article image? Aged, poorly maintained, complex, hard-to-untangle. Do you carry out due diligence at the beginning of your engagements? More importantly, do you carry out ongoing governance and oversight? Even more importantly, does supply chain resilience form part of your wider operational resilience strategy or business

SWIFT independent assessment – have you booked yours?

07/01/2020 CISO Blog, Security Advisory Blog EditoratLarge

The SWIFT independent assessment regime will kick in later this year. Have you booked in your assessment? If not, Fox Red Risk has some availability to carry out assessments. Remember the SWIFT payments attacks a few years back? As a reminder In 2015 & 2016, a series of cyberattacks using the SWIFT banking network, which