Trusting Your Supply Chain?

21st October 2017 Author: InfoSaaS

This week, we've seen some concerning developments suggesting that the global battle against cyber threats may become a regionalised affair. This follows multiple media reports that, within the United States, federal agencies are to be prohibited from using Kaspersky Lab antivirus software, amid claims that Russian secret services have some form of backdoor access via the software, giving them visibility of the content and configuration of end-user devices. A number of US...

Proud to Support the White Hat Rally

10th June 2017 Author: InfoSaaS

Every year since 2009, adventurous members of the information security community have come together each September to take part in an annual, fun car rally. Combining excitement, enjoyment and philanthropy, the event raises much-needed funds for the incredible children's charity, Barnardos, in stopping child abuse, online bullying, grooming and sexual exploitation. Organiser of the White Hat Rally, Martin Law of Agility IS, noted "Our event brings together like-minded, socially...

APT10 … Are You Prepared?

10th April 2017 Author: InfoSaaS

Over recent weeks, your organisation may have become aware of the name "APT10", either through journalists' efforts, or perhaps from one of your customers seeking to understand how well prepared your organisation is. If you haven't yet come across the term, now would be a good time to take note. APT10 is a well-organised cyber attack network believed to be based in China, and very focused on stealing trade secrets and confidential data. Awareness of the sheer scale and complexity of...

The Road to G-Cloud 9 (UK)

18th March 2017 Author: InfoSaaS

The UK Government continues to promote its "Cloud First" policy, with most cloud-related business being conducted via the Digital Marketplace. The content of the Digital Marketplace is iterated relatively frequently - we're currently in G-Cloud 8, although the next release (G-Cloud 9) will soon be upon us, and applications need to be completed and submitted by 11th April. Several InfoSaaS customers and partners have commented that this latest iteration has a greater...

Managing ISO27001 Documentation

3rd February 2017 Author: InfoSaaS

For an organisation looking to demonstrate its information security capability, whether to reduce risks, attract customers or avoid financial or legislative penalties, the international standard ISO/IEC 27001:2013 is most commonly used as a benchmark for independent, external validation. As you digest the 30+ pages, containing over 150 specific requirements, you'll start to notice the repeated phrase "shall retain documented information", which sets the expectation that you need to be...

The Journey to ISO27001 Certification

25th January 2017 Author: InfoSaaS

There are many reasons why an organisation may want to implement an effective Information Security Management System (ISMS), and the vast majority proceed to have this independently assessed for ISO27001 certification. This important evidence demonstrates a responsible approach to information security, which matters for customer confidence and legislative compliance, and also helps to keep the organisation safe from ever-increasing cyber threats. Whilst some organisations will complete...

GDPR and Privacy Impact Assessments

5th January 2017 Author: InfoSaaS

Happy New Year to you! There's no doubt that 2017 will be a year of challenges and changes. Brexit progress, President Trump, IoT security, internet surveillance, the list goes on. Let's not lose sight of the ever-ticking countdown clock of GDPR (just over 500 days to go), the new EU-wide General Data Protection Regulation, which will replace the UK's current Data Protection Act in May 2018. As we've discussed before, having an effective and comprehensive Information Security...

Not Another New Year's Resolution?

20th December 2016 Author: InfoSaaS

It's that inevitable time of year when we expect to be inundated with organisations suggesting that we include them somewhere in our list of New Year's Resolutions, or that they will help us to achieve those long-awaited business goals and objectives. Whether it's saving money, increasing staff knowledge, improving process efficiency, or making your presence more widely known through more effective advertising, it appears that there are always things that we could probably be doing...

Getting Hacked Ahead of GDPR

15th October 2016 Author: InfoSaaS

A month ago, Yahoo informed its 500 million users that their personal data had been stolen by hackers, including email addresses, dates of birth, security questions and encrypted passwords. One aspect of this data breach that many have overlooked is that it took nearly two years for the hack to be reported publicly (it having originally taken place in late 2014), with hundreds of millions of users' details having been offered for sale on the darknet market for as little as USD $2,000...

Focus on Risk Treatment

28th September 2016 Author: InfoSaaS

An Information Security Risk Treatment Plan is one of the mandatory documentation requirements, called out in Section 8.3 of ISO27001:2013. In plain English, this is a record of all identified risks that need to be attended to, and the steps taken to ensure that the organisation is not exposed to increased risk while these risks remain. A common approach to assessing a specific risk is to identify and evaluate the effectiveness of controls that are already in place to protect an asset from a...