Minimum Cyber Security Standard

11th July 2018 Author: InfoSaaS

With the breadth and sophistication of cyber threats growing on a daily basis, new initiatives are frequently published to boost levels of cyber resilience. During the last week of June, the UK Government Cabinet Office, in conjunction with the National Cyber Security Centre, published the "Minimum Cyber Security Standard" (MCSS), which provides a mandatory framework of ten areas where a minimum acceptable approach is required to protect the sensitive data and supporting systems of UK public...

ICO and Fees for Data Controllers under GDPR

4th April 2018 Author: InfoSaaS

We've commented previously that a general perception of GDPR was that there would be a removal of the annual registration cost which is currently paid to the Information Commissioner's Office for registration under the UK Data Protection Act of 1998. What has since been clarified is that whilst data controllers will need to maintain their own records of data processing (as per Article 30), the ICO has communicated that an annual fee will apply for all data controllers, which will help to fund...

Dude, where’s my data?

15th March 2018 Author: InfoSaaS

Everyone's getting a little weary of the GDPR countdown by now. We have a little over two months to go, and amazingly some organisations have yet to define a meaningful project that will help them to (a) achieve legal compliance, and (b) respect their customers' personal data and prove that they can be trusted to look after it. We've commented previously on the many "silver bullet" solutions that will magically solve all your data protection woes (they won't), and the army of GDPR snake oil...

GDPR … which Article?

9th December 2017 Author: InfoSaaS

We've noticed that many organisations who are preparing for the introduction of GDPR in just over six months' time have not yet found a reason to locate and download the Regulation itself. Incidentally, this can be found here. Within this wordy document, there are no fewer than 99 separate articles which cover every aspect of how GDPR will operate. In response to a recent request, we thought that it would be worthwhile for us to extract and highlight some of the more useful...

GDPR …. and Snake Oil

2nd November 2017 Author: InfoSaaS

The GDPR countdown relentlessly continues, and even the most reluctant of organisations are starting to realise that preparatory activities will be needed. For those with little or no previous experience in providing effective protection for personal data (for the moment, let’s overlook the fact that this should already have been in place under the UK Data Protection Act of 1998) many are seeking external assistance from the rapidly growing list of “GDPR Experts” (either as consultants...

Trusting Your Supply Chain?

21st October 2017 Author: InfoSaaS

This week, we've seen some concerning developments that might suggest that the global battle against cyber threats may become a regionalised affair. This centres on multiple media reports that, within the United States, federal agencies are to be prohibited from using Kaspersky Lab antivirus software, amid allegations that Russian secret services have some form of backdoor access using the software, allowing visibility of the content and configuration of end-user devices. A number of US...

Proud to Support the White Hat Rally

10th June 2017 Author: InfoSaaS

Every year since 2009, adventurous members of the information security community have come together each September to take part in an annual, fun car rally. Combining excitement, enjoyment and philanthropy, the event raises much-needed funds for the incredible children's charity, Barnardo's, to help stop child abuse, online bullying, grooming and sexual exploitation. Organiser of the White Hat Rally, Martin Law of Agility IS, noted "Our event brings together like-minded, socially...

APT10 … Are You Prepared?

10th April 2017 Author: InfoSaaS

Over recent weeks, your organisation may have become aware of the name "APT10", either through journalists' efforts, or perhaps from one of your customers seeking to understand how well prepared your organisation is. If you haven't yet come across the term, now would be a good time to take note. APT10 is a well-organised cyber attack network believed to be based in China, and very focused on stealing trade secrets and confidential data. Awareness of the sheer scale and complexity of...

The Road to G-Cloud 9 (UK)

18th March 2017 Author: InfoSaaS

The UK Government continues to promote its "Cloud First" policy, with most cloud-related business being conducted via the Digital Marketplace. The content of the Digital Marketplace is refreshed relatively frequently - we're currently in G-Cloud 8, although the next release (G-Cloud 9) will soon be upon us, and applications need to be completed and submitted by 11th April. Several InfoSaaS customers and partners have commented that this latest iteration has a greater...

Managing ISO27001 Documentation

3rd February 2017 Author: InfoSaaS

For an organisation looking to demonstrate its information security capability, whether to reduce risks, attract customers or avoid financial or legislative penalties, the international standard ISO/IEC 27001:2013 is most commonly used as a benchmark for independent, external validation. As you digest the 30+ pages, containing over 150 specific requirements, you'll start to notice the repeated phrase "shall retain documented information", which sets the expectation that you need to be...