
Nine steps to successful ISO 27001 implementation

It may be something of a cliché but, for information security management system (ISMS) projects, it is certainly true to say that ‘well begun is half-way done’. The person charged with leading an ISO/IEC 27001:2013 ISMS project has to reduce something that looks potentially complex, difficult and expensive in terms of time and resources, to something that everyone believes can be achieved in the … [Read more...]

German hospital fined €105,000 for GDPR data breach

A hospital in Rhineland-Palatinate, Germany, has been fined €105,000 by the State Commissioner for Data Protection and Freedom of Information Rhineland-Palatinate (LfDI). The fine was based on several breaches of the GDPR (General Data Protection Regulation) concerning patient admittances, resulting in patients receiving incorrect invoices, and exposing issues with the hospital’s patient privacy … [Read more...]

How can cyber security protect your organisation?

‘Cyber’ is a word we use all the time. But what does it mean? What are the implications for us as directors and general managers? Or as IT security managers and auditors?  ‘Cyber’ is thought to derive from the older term ‘cybernetics’ – based on electronic/mechanical control systems and the degree to which man-made and human worlds interact. Cybernetics is derived from the Greek word ‘kubernan’ – … [Read more...]

Cyber attacks and data breaches in review: November 2019

The numbers don’t tell the full story this month. There may have been 1.34 billion breached records disclosed, but almost all of them came from a single incident of ambiguous origin.  Likewise, there were an abnormally high number of incidents in which the organisation didn’t reveal the number of affected records, so it’s a hard month to define in terms of cyber security success.  What we are sure … [Read more...]

Q & A: The challenges for Data Protection Officers (DPOs)

Under the GDPR (General Data Protection Regulation), many organisations are required to appoint a DPO (data protection officer). Our recent webinar, ‘Challenges for data protection officers (DPOs)’, provided an introduction to the role and its requirements, covering the DPO’s responsibilities and the challenges they face. This was followed by a Q&A session with our GDPR expert Alice … [Read more...]

Which cyber security software should you invest in?

Software solutions are the simplest way for organisations to address many of their cyber security threats. All you need to do is pick out and purchase the right tools and away you go.  Unlike the other aspects of the cyber security triad – processes and people – there’s often no need to carefully curate solutions that work for your organisation. Instead, technological solutions can be bought off … [Read more...]

IT Governance certified training now available in Amsterdam

IT Governance Europe is delighted to announce the launch of our latest classroom training courses in Amsterdam.   Starting in 2020, they offer attendees a structured learning path from foundation to advanced level, and enable IT, privacy and security practitioners to develop the skills needed to deliver best practice and compliance in organisations of all sizes.   Continual professional … [Read more...]

Why your organisation should implement ISO 27701

There’s a new standard for data privacy: ISO 27701. Released earlier this year as an extension to the ISO 27000 series, it provides essential guidance to help organisations protect sensitive information and meet data subject rights.  ISO 27701 fills a gap left by the GDPR (General Data Protection Regulation), which contains strict rules about privacy management but doesn’t advise organisations on … [Read more...]

NIS Directive – The EU’s Directive on security of network and information systems

Technology has brought us into a world that many of us only poorly understand. While we may have some grasp of this technology, there is often a lack of real understanding as to how these technologies work and interact. A few decades ago, we understood that if the water levels fell then the hydroelectric plant would not be able to generate electricity. We knew that interchanges connected our … [Read more...]

5 things you must do to avoid data breach disaster

Some of the most disastrous consequences of data breaches occur not from the incident itself but as a result of organisations’ inability to respond quickly and effectively.  You can’t assume that a data breach is a negligible risk that you’ll deal with if it ever happens. That’s because your chances of being breached are much higher than you might think. In fact, the insurance … [Read more...]