Month: January 2017

Data Privacy Day and the business case for effective security planning

January 28th is International Data Privacy Day and serves as a reminder of the growing importance of data in our organisations and how we must protect it.

Information security management is no longer driven by the fear of security breaches alone. There is now a growing urgency to meet stringent data privacy requirements of legislation, such as the new General Data Protection Regulation (GDPR). Failure to do so could soon result in hefty fines for non-compliance.

Avoid app overload and protect your organisation

Are you app ‘appy or app fatigued? …Forget multiple tools, now there is just one place to get all your information security, data privacy, and compliance work done well.

“What’s your password please caller?”

You are only as secure as your weakest link

Keeping information secure within your organisation rests on the actions of your staff. You can develop strong policies for information security. You can patch, monitor and defend your systems against attacks. You can get certificates and accreditations for all the key standards like; Cyber Essentials, PCI DSS and ISO 27001.

But it can all go wrong with one phone call.

Plan Now for Proposed Privacy and Electronic Communications Regulation (PECR)

The scene has been set as the next major framework in EU privacy regulations was formally proposed and published* on 10th January 2017 by the European Commission in Brussels.

The new Privacy and Electronic Communications (e-Privacy) Regulation, if implemented, would update current rules on the confidentiality of electronic communications. It aims to bring over-the-top service providers (“OTT”) within scope of the EU’s e-Privacy laws for the first time. 

ISO 27001 Cheat Sheet for 2017

We should qualify that there are, of course, no real ‘cheats’ available when seeking ISO 27001 accreditation.

At least not the sort that will give you an ISMS (information security management system) that can be externally accredited. And, according to the Government Cyber Security Breaches Survey 2016*, of those organisations surveyed, 42% looked for ISO 27001 to test or validate the security of providers of online services. This is likely to increase as vendors look to secure their complete supply chain.

Information security priority for 2017

2016 will be remembered by many for some of the alarming cyber events that took place.

There were the allegations that the Russians may have influenced the US presidential campaigns through email interference.

Yahoo announced 500 million user accounts were stolen in 2013, endangering the terms of their acquisition negotiations with Verizon.

Outages of nearly 11 hours disrupted over 1 billion users worldwide in one of the largest cyber attacks in internet history. A DDoS attack on US DNS provider, Dyn, affected major sites including eBay, Twitter, Reddit, Spotify, and Amazon.