At the recent East Midlands Cyber Security Forum (EMCSF), I was fortunate enough to have the opportunity to chair a panel session on the topic of ransomware. Continue reading
In July I attended and presented at the East Midlands Cyber Security Conference and Expo, at the National Space Centre in Leicester.
In their presentations, Derbyshire’s Assistant Chief Constable – Martyn Bates, Del Heppenstall – Director, KPMG, and Christian Toon – Cyber Security Specialist, PricewaterhouseCoopers LLP all mentioned in one way or the other the importance of maintaining an asset list.
In my presentation on Implementing Cyber Essentials, I also observed that while not a specific requirement of Cyber Essentials, in practice you will find it hard to manage a certified environment unless you have a good view of the complete list of assets.
If we take a look at the ISO 27001 standard for information security management systems, Section A 8.1.1 declares “Assets associated with information and information processing facilities shall be identified and an inventory of these assets shall be drawn up and maintained”.
So the evidence seems conclusive, if you care about security in your business, you really must make an asset list. Without one, how can you be sure the asset is suitably protected?
Computer hacking has evolved considerably over the past 20 years. What was once a “hobby” to demonstrate technical prowess, by breaking into systems and putting graffiti on web sites, then evolved into stealing as a way of gaining criminal financial reward. Continue reading
The UK’s Cyber Essentials Scheme took a major step forward at the beginning of this year when the UK Ministry of Defence (MOD) mandated that its suppliers need to have obtained a Cyber Essentials certificate before they are able to undertake certain contracts.
This news has been coming for quite a while but judging by some reaction to this mandating of Cyber Essentials, it appears to have caught some by surprise. Continue reading
According to the latest UK Cyber Breaches statistics, three-quarters of large organisations suffered a staff-related breach and nearly one-third of small organisations had a similar occurrence within the last year. Continue reading
As I’m sure many of the readers of this blog will be aware Cyber Essentials is a UK Government scheme encouraging organisations to adopt good practice in information security. It includes an assurance framework, and a simple set of security controls, to protect IT.
It was launched in a big fanfare in June of last year; it became mandated for certain UK Government IT contracts in October 2014; but it has seen relatively low take-up. Or at least thus far. Continue reading
Rather than bring you the 12 Days of Christmas, we’ve done the 12 themes of 2014 instead! A look back at what has been making the headlines in the world of Information Security (and beyond) this year. Take a moment to relive the year…… Continue reading
That was the question that the IISP East Midlands branch tried to tackle recently at its forum in Leicester. The evening gave a chance for information security professionals across the region to get together to network with colleagues and discuss this most important of issues.
I recently attended a professional development event in Birmingham run by OWASP and the Institute of Information Professionals (IISP). One of the topics on the agenda was how to evade anti-virus (AV) software packages.
Shock horror. The breaking news is that AV software is not going to stop cyber attacks on your organisation, as has been blogged on before here on Cyber Matters.
However two aspects stood out for me.