information security Archives - Alan Calder on IT Governance, Cyber Resilience, ISO 27001 and Brexit

Password Security Dilemma

Alan Calder March 4, 2010 Data Protection, ISMS, ISO 27001, ISO 27002 (ISO 17999), IT Security

Commonly accepted best practice on password security is that passwords should be complex, changed frequently and never written down. Password complexity (8 alphanumeric characters, case sensitivity plus special characters) increases the level of difficulty associated with cracking it; password change regularity …

[Continue Reading...]

Take Data Protection Seriously, Please

Alan Calder February 26, 2009 IT Security

I did a presentation earlier this week at NITES, in Ireland. My topic was data protection and governance. I took the opportunity to make a number of linked points: We already have data protection legislation in the EU and US; These …

[Continue Reading...]

New UK Computer Crime Unit

Alan Calder October 3, 2008 Data Breaches, Data Protection, ISO 27001, IT Security, PCI DSS, White Collar Crime

Well, that’s a relief – the UK government has caught up with the fact that there are criminals on the Internet. The government has said that it will spend £7 million to establish the Police Central E-crime Unit (PceU) in …

[Continue Reading...]

Risk Assessment Explained

Alan Calder May 21, 2007 Compliance, ISO 27001, ISO 27002 (ISO 17999), IT Security

Given the increasing desire of businesses to be certified to ISO27001, risk assessment has emerged as an important skill for the infosec professional. While it is well-established in other areas, risk assessment is new to many in technology and requires …

[Continue Reading...]

Rise of the Chief Security Officer

Alan Calder April 16, 2007 IT Security

More proof that the much vaunted convergence of information security and physical security is being made flesh: ‘Research from the Economist Intelligence Unit shows the number of CSOs taking ultimate responsibility for the security of a business has almost doubled …

[Continue Reading...]

Breaking down the learning curve in security and governance

Alan Calder March 24, 2007 ISO 27001, IT Security

Getting to grips with best practice information security and governance often involves a steep learning curve, and this is a challenge facing more and more people: as infosecurity and governance become increasingly mainstream topics, so a wider range of professionals …

[Continue Reading...]

2006 retrospective

Alan Calder January 5, 2007 IT Security

SearchSecurity.com has published an interesting review of information security in 2006. Looking back at 2006 contains top security-related interviews of 2006, accessible in the form of a podcast. It’s a useful retrospective when considering 2007 and its upcoming challenges!

[Continue Reading...]

SMBs lag on security

Alan Calder September 27, 2006 ISMS, ISO 27001, IT Security

Confirmation from PriceWaterhouseCoopers that small and medium-sized firms are underinvesting in IT security and suffering for it. PWC calls the difference in preparedness between large and smaller companies ‘a tale of two cities’, which seems pretty apt. As they say, …

[Continue Reading...]

An ISO 27001 ISMS will enable regulated firms to meet FSA Handbook requirements

Alan Calder September 9, 2006 ISMS, ISO 27001, ISO 27002 (ISO 17999), IT Security

The FSA Handbook sets out clear requirements for the management of information security within its regulated sectors. The requirements are best met by implementing and maintaining an ISMS that meets the ISO27001 standard – ISO27001-certification is clear evidence that the …

[Continue Reading...]