The importance of having an Asset List

In July I attended and presented at the East Midlands Cyber Security Conference and Expo, at the National Space Centre in Leicester.

In their presentations, Derbyshire’s Assistant Chief Constable – Martyn Bates, Del Heppenstall – Director, KPMG, and Christian Toon – Cyber Security Specialist, PricewaterhouseCoopers LLP all mentioned in one way or another the importance of maintaining an asset list.

In my presentation on Implementing Cyber Essentials, I also observed that while not a specific requirement of Cyber Essentials, in practice you will find it hard to manage a certified environment unless you have a good view of the complete list of assets.

If we take a look at the ISO 27001 standard for information security management systems, Section A 8.1.1 declares “Assets associated with information and information processing facilities shall be identified and an inventory of these assets shall be drawn up and maintained”.

So the evidence seems conclusive: if you care about security in your business, you really must make an asset list. Without one, how can you be sure the asset is suitably protected?

Cyber Essentials at UK MOD: the beginning of a critical mass?

The UK’s Cyber Essentials Scheme took a major step forward at the beginning of this year when the UK Ministry of Defence (MOD) mandated that its suppliers need to have obtained a Cyber Essentials certificate before they are able to undertake certain contracts.

This news has been coming for quite a while but judging by some reaction to this mandating of Cyber Essentials, it appears to have caught some by surprise.

Cyber Essentials: going mainstream?

As I’m sure many of the readers of this blog will be aware, Cyber Essentials is a UK Government scheme encouraging organisations to adopt good practice in information security. It includes an assurance framework, and a simple set of security controls, to protect IT.

It was launched in a big fanfare in June of last year; it became mandated for certain UK Government IT contracts in October 2014; but it has seen relatively low take-up. Or at least thus far.

How do you engage your staff with information security?

That was the question that the IISP East Midlands branch tried to tackle recently at its forum in Leicester. The evening gave a chance for information security professionals across the region to get together to network with colleagues and discuss this most important of issues.


Is there any point in using anti-virus software?

I recently attended a professional development event in Birmingham run by OWASP and the Institute of Information Professionals (IISP). One of the topics on the agenda was how to evade anti-virus (AV) software packages.

Shock horror. The breaking news is that AV software is not going to stop cyber attacks on your organisation, as has been blogged on before here on Cyber Matters.

However, two aspects stood out for me.
