The new European Data Protection Regulation is relevant to many areas of our work. Yesterday I had the opportunity to look at its likely effect on information security at a Jisc Special Interest Group meeting.
Recently we had one of our regular reviews of security incidents that have affected the company in the past few months. All three – one social engineering attack, one technical one, and one equipment loss – were minor, in that only limited information or systems were put at risk; all were detected and fixed, to the best of our knowledge, before anything was accessed that shouldn't have been. If we had only been looking at data breaches they probably wouldn't even have made it to the agenda.
I had been planning to write up a summary of my thoughts on Bring Your Own Device, but I'm pleased to discover that the UK Government has pretty much done it for me. Their draft guidance, just published for comment, suggests an approach along the following lines:
The recent invention of the phrase "Bring Your Own Device" seems to have got educational organisations agonising about something we’ve been doing routinely, indeed relying on, for at least 15 years. Whenever you send a member of staff home with some work to do but no laptop to do it on, or provide a webmail service for students, or invite a visiting academic to connect their device to your network, you’re inviting BYOD.
Many of the talks at the FIRST conference consider activities within and between incident response teams, but two talks today considered how CSIRTs and boards can work better together. Pete O’Dell suggested that many company boards either delegate or ignore information security, perhaps considering that it is “just another risk”.
A strong common (and unplanned, honest!) theme emerged from the information security session at Networkshop yesterday: that information security, or information risk, is ultimately the responsibility of individual users. Only they can decide which documents it is safe to read on a train, which phone calls they can make in a public place.
I reckon the education sector accepted user-owned devices (now known as Bring Your Own Device) at least fifteen years ago, the moment we provided remote access and encouraged staff and students to work outside the office. My talk at the Janet/Jisc services day in London therefore looked at how we can do it better, suggesting a three-step plan. Your comments and experiences on these ideas would be very welcome:
Presenting at the Jisc’s Safer Internet Day event got me thinking a bit more about the shared interests between owners and organisations in a BYOD scheme, and the opportunity that might present. For many years I’ve liked the idea of helping users be safe in their personal Internet lives (where motivation should be a matter of self-interest, rather than "having to comply with policy") and improving workplace safety as a side-effect.
ENISA have published a useful set of controls and best practices for managing the risks in a Bring Your Own Device (BYOD) program. They identify three groups of controls