Embedding better security culture beyond awareness

Listening to Ira Winkler’s presentation at this year’s Irisscon conference, one of his comments struck a chord. “The right culture is that you don’t need a good security awareness programme because a new employee sees how everyone behaves, and they behave exactly like them,” he said. By way of example, he recalled an incident from […]

Nine for 2019: New Year tips for cybersecurity and privacy professionals

A new year is almost upon us, and that means one thing: resolutions. Easily made, even more easily broken, they’re nevertheless a useful way of setting goals for the next 12 months. We asked Brian Honan, Tracy Elliott, Sarah Clarke, Valerie Lyons and David Prendergast to share their tips for information security practitioners and privacy […]

Yule never believe it: we sleigh the myth about GDPR and Santa

So we’ve all seen the jokes on WhatsApp and Facebook about Santa’s lack of GDPR compliance and how this would all be changed for Christmas 2018. You know the one: He’s making a list / He’s checking it twice / He’s gonna find out who’s naughty or nice / Santa Claus is in contravention of article 4 of […]

Data protection impact assessments for health research: what’s changed under GDPR?

Since GDPR came into effect on 25 May this year, the health regulations have been updated to incorporate more stringent requirements around protecting personal information during healthcare research. The newly updated Health Research Regulations 2018 have raised the bar for carrying out a data protection impact assessment (DPIA). This post is the first in a […]

Security newsround: November 2018

We round up interesting research and reporting about security developments from around the web. This month: blaming the user (or not), passwords, protecting data and privacy, and security leadership (or the lack of it). The blame game Who’s to blame when poor passwords lead to breaches? That was a matter for debate among the respected […]

Beyond governance, risk and compliance: privacy, ethics and trust

We are currently experiencing the fourth industrial revolution (FIR), characterised by a blurred fusion of all things physical, digital and genomic. Each revolution has been accompanied by a privacy legislation wave, linking its governance to the accelerating pace of change. So we find ourselves in the fourth privacy wave, where technological changes outpace regulation – […]

The value in vulnerability assessments: closing gaps to improve security

Vulnerability assessments usually involve using automated tools such as Nessus or Qualys to carry out a passive scan of an organisation’s systems. The process produces a list of security gaps and ranks them in order of risk. It gives an organisation clear data to guide the process of deciding which issues to prioritise first based […]

UK NCSC chief highlights resilience as key to better security

Here’s a question for security professionals to ponder: why are we only ever a few clicks away from disaster? It’s inspired by a recent presentation in Dublin by Ciaran Martin, CEO of the UK National Cyber Security Centre. On a visit to Dublin earlier this month, the UK’s cybersecurity chief stressed the importance of building […]

EU Cyber Security Month roundup – advice on staying secure

During October, BH Consulting has been sharing daily advice about digital security and privacy on its social media channels as part of EU Cyber Security Month. This blog gathers together all of these tips into a single place. As each week goes by, we will keep adding to the content, in descending order. By the […]