AWS Cloud: Proactive Security and Forensic Readiness – part 3

Part 3: Data protection in AWS. This is the third in a five-part blog series that provides a checklist for proactive security and forensic readiness in the AWS cloud environment. This post relates to protecting data within AWS. Data protection has become all the rage for organisations that are processing personal data of individuals in […]
GDPRubbish: seven common data protection myths debunked

I have been evangelising about GDPR for almost two years, professionally and personally. It’s a powerful piece of legislation designed to empower citizens of Europe and to deter the inappropriate information management practices of the past. It aims to rebalance a data subject’s control over information with the organisation’s need to maximise use and profit […]
Security newsround: March 2018

We round up reporting and research from across the web about the latest security news. This month: cryptomining attacks increase, data breaches rise in Ireland, the business cost of ransomware revealed, UK local authorities come under attack from cybercriminals, NotPetya blame laid at Russia’s door, and automated security makes inroads. Tales from the crypto: A […]
Business benefits for ISO 27001 certification, and five steps to making it work

Whether you want to reassure a board – or yourself – that your security programme is operating optimally, the ISO 27001 Information Security Standard gives you that confidence. Here are some business-focused benefits to becoming certified, and some tips for making that process run smoothly and successfully. Choosing to get certified: First, let’s address a […]
AWS Cloud: Proactive Security and Forensic Readiness – part 2

Part 2: Infrastructure-level protection in AWS. This is the second in a five-part blog series that provides a checklist for proactive security and forensic readiness in the AWS cloud environment. This post relates to protecting your virtual infrastructure within AWS. Protecting any computing infrastructure requires a layered or defence-in-depth approach. The layers are typically divided […]
Security newsround: February 2018

We round up reporting and research from across the web about the latest security news. This month: coinjacking for cryptocurrency, CEO fraud takings, Google gets into security, a hefty fine for data breach, and social engineering the CIA. They got the jack: Irish Government websites were among 4,200 portals around the world infected with ‘coinjacking’ […]
Prepare for breach: 10 steps to better incident response planning

Developing an incident response plan – and testing various scenarios against it – is now a must. Let’s all remember the Central Bank of Ireland’s stark warning back in 2016. “Firms should assume they will be subject to a successful cyber-attack or business interruption.” Having a structured and formalised response plan ensures organisations can deal […]
Time to see security training as an investment, not a cost

Having finished 2017 with a blog about allocating security spending, we’re starting the new year on a similar note. Specifically, it’s about investing in security awareness training. Harvard Business Review argued that better training is the best security investment a business can make. Its choice of word was deliberate: businesses need to see security training […]
Data Protection Implications of Brexit

Well, I guess this comes as no big surprise. In its “Notice to stakeholders: withdrawal of the United Kingdom and EU rules in the field of data protection”, the EU today declared that the United Kingdom post Brexit will not meet the adequacy requirements with regards to the transfer of personal data from the EU […]
Here’s FUD in your eye: how to tell GDPR fact from fiction

Like it or not, fear, uncertainty and doubt [FUD] are time-honoured tactics for some vendors to scare up easy sales. The General Data Protection Regulation (GDPR) is seeing its fair share of FUD, and Brian Honan has called out the ‘fake news’ surrounding the regulation. GDPR = Y2K? In an audio interview with Information Security […]