data security Archives - Alan Calder on IT Governance, Cyber Resilience, ISO 27001 and Brexit

Take Data Protection Seriously, Please

Alan Calder February 26, 2009 IT Security

I did a presentation earlier this week at NITES, in Ireland. My topic was data protection and governance. I took the opportunity to make a number of linked points: We already have data protection legislation in the EU and US; These …

[Continue Reading...]

How do customers know which suppliers are compliant with the PCI DSS? And shouldn’t they be told?

Alan Calder August 7, 2008 Data Breaches, Data Protection, IT Security, PCI DSS

Lots of organisations think they don’t need to worry about theft of credit card data. I don’t know why. Payment card data theft is now big business – the level of professionalism available in this industry includes the development of …

[Continue Reading...]

MOD Laptop ‘anomalies’ = systemic failure

Alan Calder July 29, 2008 Data Breaches, Data Protection

Search Security published this, on 29 July 2008: Last week, the MoD was forced, in an answer to a parliamentary question, to admit that during the last four years, 658 of its laptops were stolen, and another 89 lost. Only …

[Continue Reading...]

Civil lawsuits start over lax data security approach

Alan Calder February 19, 2008 Compliance, Data Protection, ISO 27001, IT Governance, IT Security

The Realtime IT Compliance blog carried a significant post the other day – the first signs of US civil lawsuits against companies losing customer data. In this case, it is a $54 million claim against Best Buy for losing a …

[Continue Reading...]

Another wake-up call for the boardroom

Alan Calder February 9, 2008 Data Protection, ISO 27001, IT Security

For those boardrooms still slow to grasp the strategic importance of IT governance and information security, the BBC offers a nice simple graph to bring home the scale of the challenge. It comments: “Reports vary but some estimates suggest there …

[Continue Reading...]

The ICO needs to act

Alan Calder January 22, 2008 Compliance, Data Protection, IT Security, PCI DSS

The private sector needs to take data privacy more seriously if it is to stop the Information Commissioner’s Office getting the power to audit their information security systems without warning. According to ComputerWeekly, this is the warning from James Alexander, …

[Continue Reading...]

Information classification schemes

Alan Calder January 22, 2008 Data Protection, IT Governance, IT Security

Also from ComputerWeekly, Chief Information Officers need to take a leading role in setting up formal information classification schemes to stop them over-engineering them to comply with security regulations, according to a report from the Information Security Forum. Well, yes …

[Continue Reading...]

Not really fair, is it?

Alan Calder November 22, 2007 Compliance, Data Breaches, Data Protection, ISO 27001, IT Security

The UK government claimed that the person who burnt the HMRC child benefit database to a disc and mailed it to the National Audit Office (NAO) was a relatively junior civil servant who had breached rules and would be subject …

[Continue Reading...]

White collar crime and information security

Alan Calder June 1, 2007 Data Breaches, ISMS, IT Security, White Collar Crime

The increasing incidence and serious nature of internal threats to the security of corporate information is well demonstrated by the recent need for Cable & Wireless to injunct a former executive to hand a 100,00-strong customer database back to her …

[Continue Reading...]

Staff training lags behind

Alan Calder May 25, 2007 Data Breaches, IT Security

According to a new study of 500 IT and HR professionals, 45 percent of businesses fail to train staff in handling sensitive corporate data, and 46 percent have no plans to introduce such training. With Marks & Spencer providing the …

[Continue Reading...]