web-archive-uk.com


Web directory, archive

Total: 259

  • CS Risk Management - CS InfoSec Blog
    Company data may become at risk of disclosure, such as a call centre worker selling customer information to a competitor to give them a competitive advantage, or knowledge of when a recurring contract may come to an end. Malicious damage could be caused to systems and data, or a delay could be caused to a project, which would benefit a competitor. Alternatively, an employee may become frustrated with their situation and blame the company, which may also lead to malicious damage being caused. The last consideration is that it may not be a sole employee who is looking to steal or cause malicious damage, but there may be multiple people involved. This entry was posted in Cyber Security and tagged Insider Threat on 10 November 2014 by Maritz Cloete.

    Original URL path: http://www.csriskmanagement.co.uk/blog/?tag=insider-threat (2016-02-14)


  • CS Risk Management - CS InfoSec Blog
    this would impact all areas of the business. The other area that should be contemplated is cost, as this may be more complex than initially thought. If the devices are owned by the employees, this will save the company money, but the data that resides on those devices must be secured. There are potentially two options for this. The first is that access can be granted to a virtual session, and applications can be used as part of the session as well as data stored on central drives. In addition, this will allow for virus protection to be located on the central systems, with no requirement for the end device to have virus protection. The second option is to secure the device; this would initially require the permission of the employee and then would mean considerations such as drive encryption, virus protection and access controls. It would also have to be agreed who purchased and owned the software for the device, as it would be required for company use but would also benefit the employee. Another area for consideration would be around loss of productivity due to device failure. With a standardised IT environment, if a fault occurs with a device, spares can be held and the device replaced. If an employee-owned device failed, then the onus would be on the employee to fix or replace the device using the standard consumer returns or replacement process, which could take some time. The other option for companies looking at bring your own device is to consider the cost of buying the equipment required; for example, if an employee is using their own phone to pick up their email, there may be a legitimate business need for them to have a device to remotely receive email, in which case the company

    Original URL path: http://www.csriskmanagement.co.uk/blog/?p=40 (2016-02-14)

  • CS Risk Management - CS InfoSec Blog
    the possibility of adopting a bring your own device policy and the effect that this would have on the company's operations. The positive side of this is that bring your own device allows for flexible working, as the device can be used anywhere, with a potential cost saving to the company and increase in employee satisfaction. The concerns would be that there could be an increase in security controls, as a secure environment may need to be created on the device, or a secure connection to a central environment, as well as remote data removal control. This entry was posted in Cyber Security and tagged Bring Your Own Device, Bring Your Own Disaster, BYOD on 29 May 2014 by Maritz Cloete.

    Original URL path: http://www.csriskmanagement.co.uk/blog/?tag=bring-your-own-device (2016-02-14)


  • CS Risk Management - CS InfoSec Blog
    possibility of adopting a bring your own device policy and the effect that this would have on the company's operations. The positive side of this is that bring your own device allows for flexible working, as the device can be used anywhere, with a potential cost saving to the company and increase in employee satisfaction. The concerns would be that there could be an increase in security controls, as a secure environment may need to be created on the device, or a secure connection to a central environment, as well as remote data removal control. This entry was posted in Cyber Security and tagged Bring Your Own Device, Bring Your Own Disaster, BYOD on 29 May 2014 by Maritz Cloete.

    Original URL path: http://www.csriskmanagement.co.uk/blog/?tag=byod (2016-02-14)

  • CS Risk Management - CS InfoSec Blog
    intended for. The major differences, and what it means for your existing BCM programme, are: Greater focus on planning and preparing resources for BCM, including understanding the context of the organization and understanding the needs of interested parties, determining the risk appetite and using that as a basis for BC strategy and objectives. The impact of this will be that organisations will have to spend much more time on up-front planning and preparation to implement a BCM capability, rather than just dive in and start writing BC Plan documents which might not necessarily fit in with the overall BC Strategy. More emphasis on top management commitment through greater leadership, enabling an environment of support and involvement in BCM. This will mean that management will need to commit more time and resources to ensuring they implement a BCM capability rather than going through a tick-box exercise. Greater emphasis on BCM system performance and metrics analysis, and determining the effectiveness of your BCM System. This is reinforced by the requirement for permanent monitoring of the BCM System as well as periodic reviews to measure and improve its operation. This will mean that organisations will need to prove on an ongoing basis the cyclical nature of the BCMS lifecycle, i.e. measuring the effectiveness of the BCMS against the BC Strategy and goals and providing proactive remediation where needed. There is recognition of more modern working practices, particularly relating to third-party arrangements, and the requirement for organisations to control and take responsibility of those activities which could affect their business. The standard requires that organisations shall control processes that are contracted out or outsourced. This will mean that organisations will have to be more proactive in their management and responsibility for 3rd party service providers, ensuring that an appropriate level of due diligence and ongoing audit and remediation takes place. You cannot pass responsibility to the 3rd parties. MTPD (Maximum tolerable period of disruption) and RTO (Recovery time objective) have been replaced with the following: Setting prioritized timeframes for resuming these activities at a specified minimum acceptable level, taking into consideration the time within which the impacts of not resuming them would become unacceptable. In essence there is no change here apart from wording, which is part of the rationale for introducing the revised Management System Model. Organisations will still need to identify minimum recovery time requirements, prioritized across all critical systems in a proper top-down way. BC Procedures (formerly 4.3 Developing and implementing a BCM Response) now has the following requirements: Procedures need to be established to ensure interested parties are warned and communicated with. Incident response must include a trigger point for invocation. Each plan must include information which might have been previously stated collectively, i.e. each plan must be capable of standing alone. Organisations must make sure they include all interested parties in their incident communications, and an invocation trigger point must be decided and adhered to rather than making it an

    Original URL path: http://www.csriskmanagement.co.uk/blog/?p=44 (2016-02-14)

  • CS Risk Management - CS InfoSec Blog
    the standard is more suited to the international audience it is intended for. The major differences, and what it means for your existing BCM programme, are: Greater focus on planning and preparing resources for BCM, including understanding the context of the organization and understanding the needs of interested parties, determining the risk appetite and using that as a basis for BC strategy and objectives. The impact of this will be that organisations will have to spend much more time on up-front planning and preparation to implement a BCM capability, rather than just dive in and start writing BC Plan documents which might not necessarily fit in with the overall BC Strategy. More emphasis on top management commitment through greater leadership, enabling an environment of support and involvement in BCM. This will mean that management will need to commit more time and resources to ensuring they implement a BCM capability rather than going through a tick-box exercise. Greater emphasis on BCM system performance and metrics analysis, and determining the effectiveness of your BCM System. This is reinforced by the requirement for permanent monitoring of the BCM System as well as periodic reviews to measure and improve its operation. This will mean that organisations will need to prove on an ongoing basis the cyclical nature of the BCMS lifecycle, i.e. measuring the effectiveness of the BCMS against the BC Strategy and goals and providing proactive remediation where needed. There is recognition of more modern working practices, particularly relating to third-party arrangements, and the requirement for organisations to control and take responsibility of those activities which could affect their business. The standard requires that organisations shall control processes that are contracted out or outsourced. This will mean that organisations will have to be more proactive in their management and responsibility for 3rd party service providers, ensuring that an appropriate level of due diligence and ongoing audit and remediation takes place. You cannot pass responsibility to the 3rd parties. MTPD (Maximum tolerable period of disruption) and RTO (Recovery time objective) have been replaced with the following: Setting prioritized timeframes for resuming these activities at a specified minimum acceptable level, taking into consideration the time within which the impacts of not resuming them would become unacceptable. In essence there is no change here apart from wording, which is part of the rationale for introducing the revised Management System Model. Organisations will still need to identify minimum recovery time requirements, prioritized across all critical systems in a proper top-down way. BC Procedures (formerly 4.3 Developing and implementing a BCM Response) now has the following requirements: Procedures need to be established to ensure interested parties are warned and communicated with. Incident response must include a trigger point for invocation. Each plan must include information which might have been previously stated collectively, i.e. each plan must be capable of standing alone. Organisations must make sure they include all interested parties in their incident communications, and an invocation trigger point

    Original URL path: http://www.csriskmanagement.co.uk/blog/?cat=7 (2016-02-14)

  • CS Risk Management - CS InfoSec Blog
    standard is more suited to the international audience it is intended for. The major differences, and what it means for your existing BCM programme, are: Greater focus on planning and preparing resources for BCM, including understanding the context of the organization and understanding the needs of interested parties, determining the risk appetite and using that as a basis for BC strategy and objectives. The impact of this will be that organisations will have to spend much more time on up-front planning and preparation to implement a BCM capability, rather than just dive in and start writing BC Plan documents which might not necessarily fit in with the overall BC Strategy. More emphasis on top management commitment through greater leadership, enabling an environment of support and involvement in BCM. This will mean that management will need to commit more time and resources to ensuring they implement a BCM capability rather than going through a tick-box exercise. Greater emphasis on BCM system performance and metrics analysis, and determining the effectiveness of your BCM System. This is reinforced by the requirement for permanent monitoring of the BCM System as well as periodic reviews to measure and improve its operation. This will mean that organisations will need to prove on an ongoing basis the cyclical nature of the BCMS lifecycle, i.e. measuring the effectiveness of the BCMS against the BC Strategy and goals and providing proactive remediation where needed. There is recognition of more modern working practices, particularly relating to third-party arrangements, and the requirement for organisations to control and take responsibility of those activities which could affect their business. The standard requires that organisations shall control processes that are contracted out or outsourced. This will mean that organisations will have to be more proactive in their management and responsibility for 3rd party service providers, ensuring that an appropriate level of due diligence and ongoing audit and remediation takes place. You cannot pass responsibility to the 3rd parties. MTPD (Maximum tolerable period of disruption) and RTO (Recovery time objective) have been replaced with the following: Setting prioritized timeframes for resuming these activities at a specified minimum acceptable level, taking into consideration the time within which the impacts of not resuming them would become unacceptable. In essence there is no change here apart from wording, which is part of the rationale for introducing the revised Management System Model. Organisations will still need to identify minimum recovery time requirements, prioritized across all critical systems in a proper top-down way. BC Procedures (formerly 4.3 Developing and implementing a BCM Response) now has the following requirements: Procedures need to be established to ensure interested parties are warned and communicated with. Incident response must include a trigger point for invocation. Each plan must include information which might have been previously stated collectively, i.e. each plan must be capable of standing alone. Organisations must make sure they include all interested parties in their incident communications, and an invocation trigger point must

    Original URL path: http://www.csriskmanagement.co.uk/blog/?tag=bcp (2016-02-14)

  • CS Risk Management - CS InfoSec Blog
    6340 Command Injection. NCCIC/ICS-CERT is aware of a public report concerning a command injection vulnerability with proof-of-concept (PoC) exploit code affecting Advantech EKI-6340, a wireless mesh access point used in industrial control systems. Source: US-CERT ICS Alerts. This entry was posted in Threat Alerts Industrial Control System and tagged Cyber Security on 1 January 1970 by Maritz Cloete.

    Original URL path: http://www.csriskmanagement.co.uk/blog/?p=224 (2016-02-14)





web-archive-uk.com, 2017-12-16