Julia Dutton Archive
This blog has been updated to reflect industry updates. Originally published 6 August 2018. Under the EU GDPR (General Data Protection Regulation), organisations must respond to a serious data breach within 72 hours of becoming aware of it. This places …
In common with all IT professionals, information security specialists are very aware of the importance of qualifications in demonstrating competence to their current and future employers. Information security is a complex, multidisciplinary field, though, and choosing a learning path that …
Since a no-deal Brexit is starting to look more and more likely, the UK government recently released additional guidance to supplement the ICO’s (Information Commissioner’s Office) previous description of the future data protection regime. The government has stated that it will …
The EU GDPR (General Data Protection Regulation) hasn’t been around for long but we’re already seeing a huge increase in reported data breaches to the ICO (Information Commissioner’s Office). In the past two years, the number of reported data breaches …
The NIS Regulations 2018 (The Network and Information Systems Regulations) are derived from the NIS Directive (the EU Directive on security of network and information systems), and took effect on 10 May 2018. What is the objective of the NIS …
To improve cyber risk governance among public-sector departments and their suppliers, the UK government has issued a series of minimum cyber security standards that will be incorporated into the Government Functional Standard for Security. The first standard to be incorporated, …
The Directive on Security of Network and Information Systems (NIS Directive) ((EU) 2016/1148) aims to achieve a high common level of network and information systems security across the European Union. IT Governance has prepared a free compliance guide based on …
Although data breaches as a result of cyber attacks get all the press, it is often negligence or a lack of basic processes, policies and procedures that result in data breaches. The Information Commissioner’s Office (ICO) compiles quarterly statistics about …
Despite the global spotlight on cyber attacks, many organisations still struggle to get to grips with managing emerging cyber risks in an increasingly technological world. Already burdened with a raft of director’s duties, the incoming General Data Protection Regulation (GDPR) and NIS …
An ISO 27001-compliant ISMS requires ongoing maintenance and review to meet the Standard’s requirements in clauses 8 and 9. The internal audit is an essential element of this process that must be carried out as described in clause 9.2 of …
