risk Archives » Fox Red Risk

Tag: risk

ICO News

News, Blogs and Speeches from the Information Commissioners Office (ICO)

Grwpiau cymunedol a COVID-19
Wrth i COVID-19 barhau i ysgubo ar draws y Deyrnas Unedig, mae mwy a mwy o bobl yn cael eu sbarduno i helpu'r rhai sy’n fwyaf agored i niwed yn ein cymunedau. Mae grwpiau eglwysig, cymdeithasau […]
Statement in response to the use of mobile phone tracking data to help during the coronavirus crisis
Statement in response to the use of mobile phone tracking data to help during the coronavirus crisis
Community groups and COVID-19: what you need to know about data protection
As COVID-19 continues to sweep across the UK, more and more people are driven to help the most vulnerable in our communities.
Council employee fined £400 for illegally deleted audio file
A council employee has been fined £400 for an offence under the Freedom of Information (FOI) regulations.
Data protection and coronavirus
We all share the same concerns about the spread of the COVID-19 virus. The need for public bodies and health practitioners to be able to communicate directly with people when dealing with this type […]

Calculating Risk – Where’s your Confidence?!

When helping organisations navigate risk management Fox Red Risk is often faced with the task of determining methods for calculating risk. We prefer to use tried and tested methodologies but what we often find is that organisations, very rarely, are calculating risk properly. A key thing missing from the majority of implementation we see is

Security Audit – Are you a ‘Quiddler’?

26/11/2019 CISO Blog, DPO Blog, Security Advisory Blog EditoratLarge

Are you a Quiddler? No, this is not some fanboi reference to Harry Potter (I’ll be honest I haven’t read one of the series, I’m a proper muggle!). Quiddling, however, is a very real problem in the world of Security Audit. If you want to know more, keep on reading. You could be one of

Business Continuity & 22301:2019 – Do I need to get new BC Software?

04/11/2019 CISO Blog, Security Advisory Blog, Uncategorized EditoratLarge

Here are some changes in the 2019 version of 22301 that could mean your current Business Continuity software solution may no longer be fit-for-purpose.

CISO role: All C and no IA, the 33% CISOs failing their organisations!

23/08/2019 CISO Blog, Operational Resilience Blog EditoratLarge

In the last (maybe…) of my three-part CISO rant series (See Part One and Part Two if you want to catch up) I am going to wrap up with a rant about the 33% CISOs not giving their organisations of a full CISO role. These are the CISOs who think their role is solely about

InfoSec CPE: If you pay for your infosec specialists’ membership fees why aren’t you reviewing their annual CPE transcripts?

28/07/2019 CISO Blog, DPO Blog, Security Advisory Blog EditoratLarge

I would strongly recommend periodically asking your staff for their current qualifications’ CPE transcripts. Not just your InfoSec or Risk specialists but all your specialists.

Risk Management: Stop – you’re too controlling!!!

22/07/2019 CISO Blog, DPO Blog, Security Advisory Blog EditoratLarge

What appears to be a well-intended improvement to reduce risk being completely unused because it was poorly envisaged, poorly implemented, with the original control measure still to be decommissioned and so that control is still being used whilst the new control is to all intents and purposes gathering dust.

Are Organisations Getting their Pen Test BADLY Wrong?!

12/04/2018 CISO Blog, Security Advisory Blog EditoratLarge

The whole point of penetration testing (pen testing) is to identify how vulnerable an organisation’s technology infrastructure is to attack. I suspect, however, anecdotally, that a lot of organisations have lost sight of this goal and are now opting for a; vendor-led, paint-by-numbers pen test consisting of maybe one of two high-profile Internet-facing applications. I’m not saying this is a systemic issue but from my observation over the last few years, it seems this approach to pen testing is pretty widespread and I think we desperately need a return to pen testing’s ethical hacking roots…