As GDPR enforcement approaches you should start to think about the ESI (Electronically Stored Information) held on your systems that could contain personal data. Whilst reviewing how data is being stored, processed, transferred, updated and protected you must also consider how to later perform e-Discovery on all of that data. Not unlike the proverbial see-saw, the more you lock something away the more difficult it…
Security Through Maturity
How's your posture?In today’s digital world data is considered to be the crown jewels and should be protected from those that might abuse it. The value to the business that data represents should be balanced against the risk of it being exposed. Traditionally viewed as a pure security issue, as data protection laws start to change this will become much more of a compliance issue. In simple…
The countdown to the new millennium heard of horror stories predicted for planes falling out of the sky for failing to deal with the looming date of 31st December 1999. Working in a bank all night I witnessed the world transit through the different time zones, following the dawn. By the time we in the UK were in the early hours of the New Year…
When budgeting for cyber security consider what you must do for legal and regulatory compliance, and what you should do for good security. As good security is a business enabler, do that first. Then analyse any compliance gaps and fill them. You should budget accordingly. How you decide to deal with risk is important: will you accept, avoid, transfer or mitigate? Let’s say you calculate…
Recent years have demonstrated great efforts made by organisations to encrypt any data that needs to physically leave the building where it is normally stored – the “data at rest” is made unreadable to any person or entity that is not authorised to read that data. Traditionally it is patient and finance data that have been the focus, typically stored or used on a mobile…