information security

ISO Spaghetti: Why the Standards Landscape Is Confusing (and What to Do About It)

I have lost count of the number of tender documents I have reviewed that specify ISO 22301 and ISO 27001 and ISO 31000, sometimes with ISO 22361 thrown in for good measure. Occasionally all four […]

The cyber law your organisation probably doesn’t need to worry about — and why that might be exactly the problem

The Cyber Security and Resilience Bill passed its third reading in the House of Commons on 16 June and arrived in the Lords the following day. If you’ve seen coverage of it, you could be

Banning Social Media for Under-16s: The Data Protection Question Nobody’s Answering

So it’s official. This morning, the Prime Minister stood in Downing Street and announced a full ban on social media for children under 16. TikTok, Instagram, Snapchat, X, YouTube, Reddit — the lot. Legislation before Christmas, enforcement potentially from Spring 2027. As a parent

Does Your ISO 27001 Certificate Mean You’re Secure?

After I published my recent piece on the GCHQ Director’s Bletchley Park lecture, a fellow practitioner left a comment that I’ve been turning over in my head ever since. It’s a question about ISO 27001 certification and what it really proves about security that deserves more than

Graphic quoting GCHQ Director Anne Keast-Butler's 2026 Annual Lecture at Bletchley Park: "From boardrooms to living rooms" — Cambridge Risk Solutions commentary

“From Boardrooms to Living Rooms”: What the GCHQ Director’s Bletchley Speech Really Said

It’s rare for the Director of GCHQ to speak in public. Anne Keast-Butler said as much herself this morning, standing at Bletchley Park to deliver the first annual GCHQ lecture. The fact that she felt compelled to do so tells you something

M&S just told us exactly what a cyber incident costs. Are you ready for yours?

Yesterday, Marks & Spencer published its full-year results. Profits down 23.8%. Fashion and home revenue down 7.7%. £131 million in direct costs attributed to a single cyber incident. And all of it traceable back to a third-party

48 staff. No dismissals. No ICO investigation. The Southport records breach tells us everything we need to know about insider threat.

When the news broke this week that 48 NHS staff had inappropriately accessed the medical records of Southport attack victims — and that the highest sanction any of them received was a final written

How to Audit Information Security Effectively

In today’s digital landscape, safeguarding sensitive data is a top priority for every organisation. Conducting an internal audit of information security is a crucial step in identifying vulnerabilities, ensuring compliance, and strengthening overall security measures. This guide outlines the essential steps to effectively audit information security and implement best […]

ISO 27001 pdf – is it free?

It is interesting to note the number of searches for ISO 27001 pdf, or even the number of searches for a free version of the standard. This presents some interesting questions and considerations, not least those of ethics! Regardless of the fact that most ISO standards are derived by a group of volunteers, the copyright […]