18/9/22 It is thought that Rockstar Games, producer of Grand Theft Auto (GTA), has suffered a security breach. Teapotuberhacker posted 90 short videos, which appear to show footage of the unreleased version of GTA 6. Teapotuberhacker suggested they want to negotiate a deal with Rockstar, otherwise they will release the source code of GTA 5, …

Grand Theft Auto GTA Security Breach – Rockstar Breach

20/9/22 Morgan Stanley agreed to pay a $35m fine to the US SEC, down from the original suggestions of $60m in January 2022, over allegations that they failed to secure customer data when disposing of hard drives. Morgan Stanley has denied claims of liability. It is suggested a third party auctioned the devices, without removing the data, …

Morgan Stanley Pays USD 35m SEC Fine – Data Security Asset Disposal

Rumour has it that Uber has suffered a cyber security breach. News suggests an 18-year-old claims to have gained access via Slack, and posted images that appear to show full administrative access to Uber’s cloud services. If you have an Uber account, make sure you change your password, and if you used that password …

Uber Cyber Security Breach 15/9/22

What is a Statement of Applicability (SOA) for ISO 27001 in 27002? ISO 27001 is the International Standard Organisation’s (ISO) Information Security Management System (ISMS). ISO 27001 references a document that it calls the Statement of Applicability or SoA. There’s something confusing about the name. Simply put, the Statement of Applicability is a list of …

What is a ISO 27001 Statement of Applicability SoA?

What MUST be on a GDPR Website Privacy Notice or Privacy Policy? Under GDPR, every website probably needs a GDPR Privacy Notice or Policy. It’s different to the Website Terms of Use, the Terms and Conditions. If you’re not sure whether to call it a Privacy Notice or Privacy Policy, this article may help. But …

11 Key Things a GDPR Website Privacy Notice Policy Must Have

This is a conversation that we’ve been having more than expected over the last 5 years, so it’s time for a blog… Should your website have a Privacy Notice? Should your website have a Privacy Policy? What on earth is the difference? Let’s find out… Why do we need a Website Privacy Page / Notice …

GDPR Website Privacy Policy or Privacy Notice

The Three Lines of Defence Risk Management Model What is the Three Lines of Defence model? The Three Lines of Defence model helps business leaders to manage risk effectively. It facilitates a cohesive and coordinated approach, by establishing three independent levels of risk management, segregating key duties and reducing the potential for conflicts of interest. …

The Three Lines of Defence Risk Management Model

What Skills Do DPOs Need? GDPR Data Protection Officers DPOs require quite a multi-disciplinary skill set. GDPR says they must be designated on the basis of professional qualities and, in particular, expert knowledge of data protection law and practices. They must be able to fulfil the designated tasks. A DPO will require technical skillsets relating …

What Skills Do DPOs Need? GDPR Data Protection Officers

4 Tasks DPOs Must Perform Under GDPR EU Data protection law mandates that the DPO must fulfil certain obligations and tasks. This includes: Informing and advising the company and staff about their legal obligations. Monitoring the company’s compliance with data protection law and policies, including monitoring how responsibilities are assigned, levels of awareness and training …

4 Tasks DPOs Must Perform Under GDPR

Does my company need a DPO? GDPR mandates that specific types of organisations assign a formal Data Protection Officer. At a high level, this is an obligation for: public organisations; private organisations whose core activities process a large scale of personal data. The definition of “large scale” creates a challenge, even though some guidance has …

Does my company need a DPO
