web-archive-uk.com


Web directory, archive

Total: 259

  • CS Risk Management - CS InfoSec Blog
    of defence. Data breaches are proliferating and the associated costs are exploding. According to the Ponemon Institute's 2014 Cost of Data Breach Study: United Kingdom, the average cost of a data breach has reached in the UK increased from 2.04 to 2.21 million. Businesses' general liability policies don't cover those costly data breaches, which points to cyber insurance being a wise choice. In fact, AON PLC, the world's largest reinsurance broker, claimed in October 2014 that the cyber insurance market was at the time growing at 38 annually. However, as a case in the US a bit earlier this year has shown, cyber insurance should not be relied upon as your first line of cyber defence. This entry was posted in Cyber Security, Security Awareness on 9 June 2015 by Maritz Cloete. Is it Security Awareness or Training? Earlier today someone suggested that security awareness training should be delivered in a similar manner to the Green Cross Code, as the desired outcome for both activities is the same. As a child I was a proud member of the Tufty Club, which taught kids from the 1960s and early 1970s the dangers of playing near and crossing roads. In the mid-70s the first version of the Green Cross Code was published, consisting of a step-by-step procedure to assist pedestrians cross the road safely. Rather than squirrel and other woodland creatures, the code had a superhero called the Green Cross Code man, who appeared in adverts from 1975 until 1990. This entry was posted in Security Awareness and tagged Cyber Security, security awareness, Security Controls, security training on 26 November 2014 by Maritz Cloete.

    Original URL path: http://www.csriskmanagement.co.uk/blog/?cat=37 (2016-02-14)


  • CS Risk Management - CS InfoSec Blog
    child I was a proud member of the Tufty Club, which taught kids from the 1960s and early 1970s the dangers of playing near and crossing roads. In the mid-70s the first version of the Green Cross Code was published, consisting of a step-by-step procedure to assist pedestrians cross the road safely. Rather than squirrel and other woodland creatures, the code had a superhero called the Green Cross Code man, who appeared in adverts from 1975 until 1990. This entry was posted in Security Awareness and tagged Cyber Security, security awareness, Security Controls, security training on 26 November 2014 by Maritz Cloete.

    Original URL path: http://www.csriskmanagement.co.uk/blog/?tag=security-awareness-2 (2016-02-14)

  • CS Risk Management - CS InfoSec Blog
    child I was a proud member of the Tufty Club, which taught kids from the 1960s and early 1970s the dangers of playing near and crossing roads. In the mid-70s the first version of the Green Cross Code was published, consisting of a step-by-step procedure to assist pedestrians cross the road safely. Rather than squirrel and other woodland creatures, the code had a superhero called the Green Cross Code man, who appeared in adverts from 1975 until 1990. This entry was posted in Security Awareness and tagged Cyber Security, security awareness, Security Controls, security training on 26 November 2014 by Maritz Cloete.

    Original URL path: http://www.csriskmanagement.co.uk/blog/?tag=security-training (2016-02-14)


  • CS Risk Management - CS InfoSec Blog
    access the company data. By developing an evolutionary awareness programme for all users, the threat level can be reduced. An effective security awareness programme addresses three key areas: it is regularly reviewed and updated as the social engineering attacks adapt and become increasingly sophisticated; it is visible and repeated regularly, as it has been seen in experiments that, despite telling people not to click on attachments, the advice is forgotten quickly; and employees know who to tell when they are subjected to a social engineering attack, so that the incident can be captured and lessons learnt. Application Security was identified as the top threat to information security professionals in the 2011 (ISC)² Global Information Security Workforce study. Therefore it is worth taking time and effort to ensure that exposure in this area is minimised. Key areas to be considered are: ensuring that applications and systems are updated with the latest patches and known vulnerabilities are addressed, which is a key step in ensuring that there is no easy access for a potential attacker; modifying default vendor-supplied usernames and passwords on internet-accessible devices; and incorporating security requirements into the software development process. Since 1995 the British Standards Industry has published Information Security Management guidelines, and these have developed into the ISO 27000 series. The series provides best practice recommendations on information security management, risks and controls. Many companies are finding that the benefits provided by alignment with the standards include: a quality-based methodology to evaluate, implement, maintain and manage the information security program; Information Risk management, which provides a mechanism to integrate information security into the company's overall risk management strategy; and improved image, as it demonstrates to customers that the security of their information is paramount. Many companies believe that it's not a case of if they

    Original URL path: http://www.csriskmanagement.co.uk/blog/?p=38 (2016-02-14)

  • CS Risk Management - CS InfoSec Blog
    provide organisations with basic protection from the most prevalent forms of threats coming from the Internet. In particular, it focuses on threats which require low levels of attacker skill and which are widely available online. One of the questions recently asked of us as an Information security consultancy is: "Would Cyber Essentials have protected our organisation from the Shellshock exploit?" Whilst the answer is "No", because it was a brand new technical vulnerability, the answer to the follow-up question, "Would it have made it easier for us to address the impact from the Shellshock exploit?", is "Yes". The five control areas of Cyber Essentials would have provided the following protection. Boundary Firewalls and Internet Gateways controls would have ensured that a majority of your vulnerable systems were protected behind securely managed firewalls, thereby denying internet-based hackers easy access to these systems. Secure Configuration controls would have ensured that internet-facing systems are configured to provide only the services required for fulfilling their role, reducing the number of internet-facing systems that may be susceptible to the Shellshock vulnerability. User Access Controls would have minimised the opportunity for hackers to gain access to your network using insecure privileged, inactive or default accounts to exploit the Shellshock vulnerability on your internal IT systems. Malware Protection would have reduced an attacker's chances of deploying Shellshock-exploiting malware onto your company network through e-mail or web phishing. Patch management would have ensured that you applied the correct software patches to any vulnerable systems in the minimum amount of time, reducing a Shellshock attacker's window of opportunity even further. Exploits like Shellshock are rare; however, the rate of cyber attacks is rapidly increasing. Cyber Essentials provides a set of controls to mitigate the risk from common internet based

    Original URL path: http://www.csriskmanagement.co.uk/blog/?p=10 (2016-02-14)

  • CS Risk Management - CS InfoSec Blog
    The Regulations allow for an unlimited fine where individuals are convicted under the section 55 offence of obtaining or disclosing personal data without the consent of the data controller. The ICO has confirmed that it is conceivable for a Data Protection Officer to commit a criminal offence under section 55. DPOs caught breaching the rules therefore may find themselves liable to payment of a fine of a now uncapped amount. This entry was posted in Data Protection Act Compliance, Uncategorized and tagged Data Protection, DPA on 21 April 2015 by Maritz Cloete.

    Original URL path: http://www.csriskmanagement.co.uk/blog/?p=201 (2016-02-14)

  • CS Risk Management - CS InfoSec Blog
    Maritz Cloete. Amazon cloud contract terms meet EU standards on data transfers. Certain contract terms used by cloud provider Amazon Web Services have been deemed by the Luxembourg DPA to be a safe way of effecting international data transfers. The decision of the National Commission for Data Protection in Luxembourg, on behalf of the Article 29 Working Party, follows a similar endorsement given to Microsoft last year. The Luxembourg authority said that the approval will reduce the number of national authorisations businesses will need to obtain from EU DPAs for their transfers outside of the European Economic Area if contracting with AWS for the storage of that data. This entry was posted in Data Protection Act Compliance and tagged EU Data Regulation on 8 April 2015 by Maritz Cloete. ICO tells UK businesses to sort out data protection right now. The ICO has told UK businesses to sort out data protection right now, even though the new European Data Protection is only scheduled to come into force by 2017 at the earliest. There is a lot going on in data protection that UK firms should be aware of besides the new EU data protection rules, deputy information commissioner David Smith told a Westminster eForum in London. This entry was posted in Cyber Security, Data Protection Act Compliance and tagged Data Protection on 23 March 2015 by Maritz Cloete. Data Protection: one for all and all for one. The proposed Data Protection Regulation has stirred up controversy because of the implications for businesses and an increase in potential fines. An updated law that takes the increasing challenges of data security into account is long overdue, but will the potential benefits of the new Regulation outweigh the perceived burdens? This entry was posted in Data Protection Act Compliance

    Original URL path: http://www.csriskmanagement.co.uk/blog/?cat=21 (2016-02-14)

  • CS Risk Management - CS InfoSec Blog
    8 June 2015 by Maritz Cloete. UK courts can now impose unlimited DPA fines. Magistrates' courts are no longer limited to 5,000 fines for criminal offences under the DPA, following the entry into force of the Legal Aid, Sentencing and Punishment of Offenders Act 2012 (Fines on Summary Conviction) Regulations 2015 on 12th March 2015. The Regulations allow for an unlimited fine where individuals are convicted under the section 55 offence of obtaining or disclosing personal data without the consent of the data controller. The ICO has confirmed that it is conceivable for a Data Protection Officer to commit a criminal offence under section 55. DPOs caught breaching the rules therefore may find themselves liable to payment of a fine of a now uncapped amount. This entry was posted in Data Protection Act Compliance, Uncategorized and tagged Data Protection, DPA on 21 April 2015 by Maritz Cloete.

    Original URL path: http://www.csriskmanagement.co.uk/blog/?cat=1 (2016-02-14)





web-archive-uk.com, 2017-12-12