Category: Security Advisory Blog

Category: Security Advisory Blog

Data Retention – A €14.5million fine awaits for Real Estate Data Archive non-compliant with GDPR?
05/11/2019 DPO Blog, Security Advisory Blog admin

Data retention is always a challenge for organisations. Organisation just love retaining data and well, storage is pretty cheap these days. Whilst the costs of getting retention wrong (e.g. not being able to recover from a ransomware attack) are always high; a recent GDPR fine decision in Germany highlights the data retention problem could get

Read More
Business Continuity & 22301:2019 – Do I need to get new BC Software?
04/11/2019 CISO Blog, Security Advisory Blog, Uncategorized admin

Here are some changes in the 2019 version of 22301 that could mean your current Business Continuity software solution may no longer be fit-for-purpose.

Read More
Public Information & GDPR – I can do what I like with it…wrong!
28/10/2019 DPO Blog, Security Advisory Blog admin

There seems to be this idea floating around that if the data is collected from publicly available sites then it is fair game for marketers. If someone has created a profile on LinkedIn for example and their email address can be harvested (say by a recruiter or data miner connecting with you) then this public

Read More
Data Breach: 10% of affected businesses closed down in 2019…or did they…?
23/10/2019 CISO Blog, DPO Blog, Security Advisory Blog admin

I know there is a rush to get things out the door and I am very grateful for those who report on data breach stats but this article from Dark Reading piqued my interest: 10% of Small Businesses Breached Shut Down in 2019. Whenever I see a statistic like this I am always a little

Read More
Security KRI – Are the Management Team walking around naked?
15/10/2019 CISO Blog, Security Advisory Blog admin

Poorly defined security KRI or Key Risk Indicators can give your senior management team a false sense of security but is a fear of presenting a potentially negative picture akin to the Hans Christian Anderson tale, ‘The Emporer’s New Clothes’? In this fairytale two tailors promise their emperor a new suit and tell him that

Read More
Cookie consent after C-673/17 – To Consent or not to Consent…
02/10/2019 DPO Blog, Security Advisory Blog admin

Firstly, this is legal information about cookie consent, not legal advice… The judgement of the CJEU case C-673/17 is now doing the rounds and as one has come to expect when it comes to Data Protection recently, there is a lot of hot air and bluster about what the ruling means. Is this some form of paradigm shift in

Read More
Climate Change Solved: GDPR mitigates climate change risk!
01/10/2019 CISO Blog, DPO Blog, Security Advisory Blog admin

Whether you believe climate change is a real thing or not there is no arguing 16-year-old Greta Thunberg is making headlines. Her efforts to raise awareness about this key issue of our time are pretty impressive. Whilst some people don’t think climate change is real, as a person who believes in evidence-based decision-making, I am going to pin my colours

Read More
Securing small businesses – block ‘most’​ external cyber threats with these four low-cost controls
12/09/2019 CISO Blog, Security Advisory Blog admin

Securing small businesses is a different type of challenge to securing a larger organisation. Doing these four things could block most external cyber threats!

Read More
InfoSec CPE: If you pay for your infosec specialists’ membership fees why aren’t you reviewing their annual CPE transcripts?
28/07/2019 CISO Blog, DPO Blog, Security Advisory Blog admin

I would strongly recommend periodically asking your staff for their current qualifications’ CPE transcripts. Not just your InfoSec or Risk specialists but all your specialists.

Read More
Risk Management: Stop – you’re too controlling!!!
22/07/2019 CISO Blog, DPO Blog, Security Advisory Blog admin

What appears to be a well-intended improvement to reduce risk being completely unused because it was poorly envisaged, poorly implemented, with the original control measure still to be decommissioned and so that control is still being used whilst the new control is to all intents and purposes gathering dust.

Read More