risk Archives » Fox Red Risk

Tag: risk

ICO News

News, Blogs and Speeches from the Information Commissioners Office (ICO)

Blog: Data ethics and the digital economy

We’ve just appointed our first data ethics adviser, Ellis Parry, to consider data protection and ethics challenges over the next year.
Why special category personal data needs to be handled even more carefully

Imagine if your medical records, information about your sex life or your political opinions were put into the public domain so anyone could see them. When personal data is shared by mistake the […]
Bond Lecture 2019: ‘Access to Information in Turbulent Times’

Gill Bull, ICO’s Director of Freedom of Information Complaints and Compliance, speech at the British Records Association in London, 13 November 2019.
Information Commissioner reminds political parties they must comply with the law ahead of General Election

The Information Commissioner has sent the following letter to the political parties in relation to the use of data in political campaigning
Live facial recognition technology – police forces need to slow down and justify its use

As far back as Sir Robert Peel, the powers of the police have always been seen as dependent on public support of their actions. It’s an ideal starting point as we consider uses of technology […]

Business Continuity & 22301:2019 – Do I need to get new BC Software?

Here are some changes in the 2019 version of 22301 that could mean your current Business Continuity software solution may no longer be fit-for-purpose.

CISO role: All C and no IA, the 33% CISOs failing their organisations!

23/08/2019 CISO Blog admin

In the last (maybe…) of my three-part CISO rant series (See Part One and Part Two if you want to catch up) I am going to wrap up with a rant about the 33% CISOs not giving their organisations of a full CISO role. These are the CISOs who think their role is solely about

InfoSec CPE: If you pay for your infosec specialists’ membership fees why aren’t you reviewing their annual CPE transcripts?

28/07/2019 CISO Blog, DPO Blog, Security Advisory Blog admin

I would strongly recommend periodically asking your staff for their current qualifications’ CPE transcripts. Not just your InfoSec or Risk specialists but all your specialists.

Risk Management: Stop – you’re too controlling!!!

22/07/2019 CISO Blog, DPO Blog, Security Advisory Blog admin

What appears to be a well-intended improvement to reduce risk being completely unused because it was poorly envisaged, poorly implemented, with the original control measure still to be decommissioned and so that control is still being used whilst the new control is to all intents and purposes gathering dust.

Are Organisations Getting their Pen Test BADLY Wrong?!

12/04/2018 CISO Blog, Security Advisory Blog admin

The whole point of penetration testing (pen testing) is to identify how vulnerable an organisation’s technology infrastructure is to attack. I suspect, however, anecdotally, that a lot of organisations have lost sight of this goal and are now opting for a; vendor-led, paint-by-numbers pen test consisting of maybe one of two high-profile Internet-facing applications. I’m not saying this is a systemic issue but from my observation over the last few years, it seems this approach to pen testing is pretty widespread and I think we desperately need a return to pen testing’s ethical hacking roots…