Category: Cyber
-
What the CoP – Is the Cloud forecast clear for TSA?
I often liken the process of achieving compliance with the Telecommunications Security Act (TSA) to a journey, with many crossroads and pitfalls along the way. The devil is in the detail and there is a range of myths which can lead you into a cul-de-sac. The use of public Cloud services is often a…
-
What the CoP – are you missing key supply chain measures?
Introduction: I’m seeing organisations who are looking at the 54 Technical Guidance Measures within the Third party supplier measures 3 section as part of their compliance journey with the Telecommunications code of practice, yet are unclear on when the measures need to be addressed because they have an indicated date of evidence as being all new…
-
Learning from the past – have we been successful in changing value perception?
In September 2006, I wrote a dissertation on changing the value perception of security within the enterprise. Whilst you would hope that the challenges I discovered would be resolved organically in the almost 18 years since published, many of the challenges remain. The learning from this dissertation led me in my career since, and…
-
Has compliance kept up with digital during the pandemic?
The pandemic has delivered 7 years of transformation in the space of a year, but just as companies are facing up to the financial debts from the past year, so we are able to quantify the compliance debts to be paid through analysis of the DCMS breaches survey from 2021. I looked at last year’s study to see…
-
Getting back to basics post COVID
After the largest transformational event in decades, which ripped the corporate rulebook up and forced organisations beyond the firewall and into home working and the Cloud, we are emerging into a new way of working after implementing 10 years’ worth of corporate change in a couple of months. Just how useful was your compliance during COVID?…
-
Back to cyber security basics – learning from easyJet
Another day, another breach, this time for easyJet, who announced that it has been the target of an attack from a highly sophisticated source. Here’s what has been published so far. “Our investigation found that the email address and travel details of approximately 9 million customers were accessed. These affected customers will be contacted in the next…
-
Does board perception meet reality for cyber security?
During the lockdown due to the coronavirus, I’m struck by how rapidly society and healthcare are adapting to remote working in alignment with the government guidance in the UK. We have seen increasing tolerance towards using internet-facing systems for care of vulnerable patients and temporary relaxation of data protection and cyber security standards for health and social care.…
-
COVID-19 and BCP – is your governance remotely working?
COVID-19 (also known as coronavirus) has taken us all by surprise. The most interesting aspect, though, is the home working advice, which will have driven a coach and horses through many certified management systems for information security (ISO/IEC-27001:2017) and business continuity (ISO/IEC-22301:2012). The reason for this is that many of these management systems rely on…
-
Beyond Cyber – learning from WannaCry
Just over a week ago, the headlines were screaming about a Cyber attack against the NHS: the nightmare scenario of Denial of (public) Service was upon us. WannaCry ransomware was tearing through the world, encrypting everything in its wake and wreaking havoc. Getting to the root of the problem: The issue was deemed to be a…
-
Is Cyber resilient?
Is Cyber resilient? The recent announcement from Matt Hancock about Cyber Essentials becoming important for the supply chains of public and private sector organisations is one that is a logical evolution of the Cyber strategy. However, is it really making the United Kingdom resilient to Cyber attack? What’s wrong with existing compliance? It’s often said that… Read more