Alan Calder on IT Governance, Cyber Resilience, ISO 27001 and Brexit – Alan Calder, author of "IT Governance – An International Guide to Data Security and ISO27001/ISO27002", talks about current governance and cyber-security issues.

Note for FDs/CFOs: Cyber security is not discretionary

Alan Calder July 31, 2020 Cyber Security

There are many FDs and CFOs who, even more the economic challenges of the current pandemic and looming global recession, thought that budgeting for cyber security expenditure was essentially discretionary and could be postponed or cancelled in line with P&L …

[Continue Reading...]

Regulatory action is increasingly driving GDPR compliance

Alan Calder July 23, 2020 EU GDPR

We all thought that the most dramatic aspect of GDPR enforcement would be fines for data breaches, and that the primary driver for GDPR compliance would be the desire to avoid data breaches. While there have been some spectacular data …

[Continue Reading...]

EU-US Privacy Shield – is Schrems II the final nail in the coffin?

Alan Calder July 22, 2020 Data Protection

In the immediate sense, the answer is obviously ‘yes’: the Schrems II CJEU decision invalidated the EU-US Privacy Shield and put some 5,500 US entities and many more EU organisations that are exporting personal data to the US in a …

[Continue Reading...]

In Government, but not in control

Alan Calder June 10, 2020 General

As our hopeless, hapless government dithers around the re-opening of the UK economy, it is increasingly clear that it has no vision, no plan and no basic competence at what it was elected to do. Ministers’ constant refrain is that …

[Continue Reading...]

Cyberattacks will accelerate – in volume and size – over the next 6 months

Alan Calder May 15, 2020 Cyber Security

Millions of people, working from home, using personal IT equipment rather than hardened corporate equipment, and often connecting to corporate services without going through a working VPN, provide cyber attackers with millions of routes into secure networks.

[Continue Reading...]

Ransomware: should have known better

Alan Calder May 11, 2020 Cyber Security

You would have thought that IT Managed Service Providers would know about ransomware, wouldn’t you? Well, clearly not all MSPs are equal: US MSP, Cognizant, admitted last week that a successful April ransomware attack would negatively affect its Q2 earnings …

[Continue Reading...]

Do you need a physical office in order to ISO/IEC 27001 certification?

Alan Calder May 4, 2020 ISO 27001

No. The standard was written to support organisations of all sizes, all types and in all sectors. And as it is increasingly normal for organisations to be largely or entirely home-based, accessing temporary office-space if, as and when, necessary, so …

[Continue Reading...]

Dealing with coronavirus – a perspective

Alan Calder April 29, 2020 IT Security

According to the World Health Organization, the total number of coronavirus deaths, worldwide, as at 0100 on 28 April 2020, is 202,733. At this point, Covid-19 is the 23rd highest cause of death worldwide.

[Continue Reading...]

In troubled times

Alan Calder July 24, 2019 IT Security

In troubled times – when faced with socio-economic uncertainty or political instability – organisations tend to pull in their horns, cut expenditure and save for the whatever the future holds. Cyber criminals love troubled times, because they know that organisations …

[Continue Reading...]

Key lessons from the record BA and Marriott GDPR fines

Alan Calder July 11, 2019 IT Security

After a year of apparent inaction, the ICO (Information Commissioner’s Office) has struck twice in two days with the two largest privacy-related fines in the EU. I think organisations can draw two key lessons from these actions: 1. You can’t …

[Continue Reading...]