Why Should Manchester Businesses Care About Information Security?

With all eyes on Manchester as the UK’s fastest growing tech hub, it’s easy to get caught up in the excitement and forget about some of the more grown-up aspects of managing sustained growth in a tech environment, like effective risk and security management. Manchester businesses that are planning business improvements for the coming year (perhaps in light of GDPR or due to customers’ requirements) would be wise to consider implementing

ISO 27001 or SOC 2 certification – What is the difference?

Do you want to upgrade your data security and privacy management and demonstrate this to customers, prospects and other stakeholders, but don’t know whether to adopt the ISO 27001 or SOC 2 guidelines? You are not alone. Scope of Certification: ISO 27001 and SOC 2 are two of the most commonly implemented information security and risk management frameworks. Each has its applications and benefits. The two standards cover many of the same areas, based on a requirement to implement controls to protect the confidentiality, integrity and availability of sensitive information. In this respect, the two standards are much more similar than

ISO 27001 Implementation Guide – No Sales Pitch

Depending on your starting point, implementing an ISO 27001-compliant Information Security Management System (ISMS) can be a challenge. But if you need to demonstrate, to customers and/or regulators, that you have control of your information security, ISO 27001 is definitely worth the effort. If you’re just getting started planning an ISO 27001 implementation, check out this 10-step checklist to help you on the journey. 1. Get the team together: Step one is to appoint a Project Leader to head up the implementation of the ISMS. This person should have a well-rounded knowledge of information security as well as the authority to

Chrome Ad Blocker Restrictions

For Chrome users who currently enjoy ad-free browsing, a recent announcement from Google is not likely to go down well. It has been confirmed that Google is going ahead with a controversial change to the rules which govern Chrome browser extensions. Unless you’re a paying Enterprise user, this change will mean that many content blockers, like uBlock Origin and uMatrix ad blockers, will no longer work on Chrome

Antivirus Game Changer – Sandbox Mode for Windows 10 Defender

Windows 10 Defender Antivirus is now the most commonly deployed AV on Windows 10 PCs. After all, it comes with the OS and is an excellent product. It is, however, worth remembering that it is just software like any other and, as such, potentially vulnerable to attack. Anti-virus, by its very nature, needs to have high-level permissions. To function properly, the software must be able to read all files, see all data in memory and monitor all system events as they happen. This demands the highest level of privilege.

Supplier Security Management

No company is a data island any longer. Greater volumes of data are being shared with third parties than ever before. Consequently, our responsibilities for information security and data protection do not stop at the boundaries of our own company’s infrastructure and systems. Supplier security management is now a high priority for information security managers. Who Has Your Data? Your data is handled in numerous ways by third parties these days. The most common example is where you share data to outsource particular business processes like payroll, customer support or telemarketing. Even if your IT services are all managed in

Security Gap Analysis

If you want to improve information security management or just want to find out how you currently measure up security-wise, there is no better place to start than with an information security gap analysis. There are many ways to carry out a security gap analysis but the most efficient method, we find, is to compare your Information Security Management System (ISMS) with best practice, as defined in an industry standard.

The Internet of Risky Things

Before you install an Internet of Things (IoT) device into your home or business, think long and hard about what data it is collecting and where that data is being sent. IoT Good or Bad? There is plenty of noise in the tech media about the Internet of Things (IoT). Despite the coverage, people still aren’t quite sure whether it’s a good or bad thing. Less than two years ago, there was a huge attack on an Internet service provider in which a botnet of IoT devices played a large part and made a portion of the Internet unavailable for

It’s Not All About Consent – GDPR Legal Basis for Data Processing

A good place to start your GDPR compliance journey is to establish whether or not you have a legal basis for processing personal data. Many organisations believe this is about establishing consent. This is not the case. In preparation for the EU General Data Protection Regulation, organisations will need to ensure any activities which involve the processing of personal information are undertaken under one of the six lawful bases for processing.