Tag Archives: Risk Management

Bored and distracted employees “could be biggest data security risk” warns Centrify

Employees who become distracted at work are more likely to be the cause of human error and a potential security risk. That’s according to a ‘snapshot’ poll conducted by Centrify.

While more than a third (35%) of survey respondents cite distraction and boredom as the main cause of human error, other causes include heavy workloads (19%), excessive policies and compliance regulations (5%), social media (5%) and password sharing (4%). Poor management is also highlighted by 11% of security professionals, while 8% believe human error is caused by not recognising data security responsibilities at work.

According to the survey, which examines how human error might lead to data security risks within organisations, over half (57%) of respondents believe businesses will eventually trust technology enough to replace employees as a way of avoiding human error in the workplace.

Despite the potential risks of human error at work, however, nearly three-quarters (74%) of respondents feel that it’s the responsibility of the employee, rather than technology, to ensure that the host company avoids a potential data breach.

“It’s interesting that the majority of security professionals we surveyed are confident that businesses will trust technology enough to replace people so that fewer mistakes are made at work, yet on the other hand firmly put the responsibility for data security in the hands of employees rather than technology,” commented Andy Heather, vice-president and managing director at Centrify EMEA.

“It seems that we as employees are both responsible and responsible: responsible for making mistakes and responsible for avoiding a potential data breach. It shows just how aware we need to be at work about what we do and how we behave when it comes to our work practices in general and our security practices in particular.”

Filed under Risk UK News

“It’s time to bury hardware-based security solutions” argues VoipSec’s CEO

Paul German, CEO at VoipSec, believes now is the time for organisations to “bury” dedicated hardware-based security solutions.

“Recent years have seen a fundamental transformation in IT strategy, with networks being more agile and swiftly deployed and applications now deliverable quickly, in any location and scaled to meet an organisation’s requirements,” said German. “From virtualised hardware to network function virtualisation and software defined networking, the hardware and network infrastructure has become decoupled from the application and the application itself is increasingly located anywhere across the cloud.”

According to German, this decoupled approach itself demands a different approach to security. It can no longer be defined by network controls because those networks are virtual, disparate and remote. “When organisations access applications via an Internet address,” commented German, “the physical location is increasingly unknown. Security, therefore, needs to be elastic and flexible.”

German explained that the hardware-based, dedicated Session Border Controller (SBC) doesn’t fit into this model. As an approach to securing the VoIP network, German feels it’s “fundamentally flawed” on many levels.

Paul German

“It constrains an organisation’s virtualisation strategy. How can a company quickly spin up new cloud-based voice applications, for example? As organisations look to gain the cost, agility and scalability offered by hardware and network virtualisation, the hardware SBC is clearly a problem.”

German added: “Perhaps the most concerning issue is that this approach is flawed from a pure security perspective. Hardware SBCs are considered both one off investments and one off deployments. As every security Best Practice model will attest, with a constantly changing threat landscape any failure to undertake routine updates will leave the organisation vulnerable.”

To be effective, as far as German’s concerned, security solutions must reflect the emerging risk and the current deployment trend.

“A software only model that’s continually updated to mitigate the evolving threat landscape is essential. Software-based SBCs, either on premise or in the cloud, also explore community-led intelligence about threats and risk experiences to rapidly disseminate new threat information and Best Practice. This combination of routine product updates with shared intelligence ensures an attack on a single organisation can be quickly transformed into a patch or update that protects every business from the new risk.”

Despite the widespread adoption of VoIP, the majority of SBC vendors are simply failing to respond and still advise an ‘implement once’ model. “They fail to update customers on the evolving threat landscape and they cannot support the agile, decoupled infrastructures now required. It begs the question: ‘Just what is the value of the hardware-based SBC?'”

Filed under Risk UK News

Institute of Risk Management forges alliance with Chartered Institute of Loan and Risk Management in Nigeria

The Institute of Risk Management (IRM) has signed a group affiliate scheme agreement with Nigeria’s Chartered Institute of Loan and Risk Management (CILRM).

The IRM is the leading global professional body for Enterprise Risk Management and currently has over 600 members across Africa, with active regional groups in Ghana, Kenya and South Africa. The organisation is currently in the process of setting up a group in Nigeria and Zimbabwe.

Legislation dictates that all companies over a certain size must have qualified risk management professionals in place in the region, highlighting the importance of risk management to the success of both organisations and the economy.

The scheme involves the CILRM purchasing 2,500 IRM group affiliate memberships which will then be allocated across the CILRM membership network. This means that the IRM’s counterparts can benefit from demonstrating their commitment to the risk management agenda by being part of a growing global network.

Other membership benefits include events, qualifications, networking and access to online materials.

Dr Ian Livsey, CEO of the IRM, said: “This is an exciting development for both the IRM and the CILRM when it comes to strengthening the risk management profession in Nigeria and for us to work more strategically going forwards.”

Livsey added: “The IRM already had a great footprint in Africa, but this news cements the importance of the developing Nigerian market. We’re keen to progress the risk management profession globally and determined to raise the importance of enterprise risk at Board level.”

Dr Sir Oladipupo A Bailey, president and chairman of the Governing Council of the CILRM, responded: “The signing of the Memorandum of Understanding with the IRM will not only strengthen the working relationship between the two bodies, but will also go a long way towards creating awareness of risk management’s importance for the Nigerian economy, both in the private and public sectors.”

He continued: “This is another milestone achievement for the CILRM and the IRM in terms of growing and developing the profession, especially in the areas of resource enhancement and capacity building.”

*The IRM has recently launched The Big Debate, a series of global events, interviews and a survey designed to find out more about the Risk Agenda 2025. See https://www.theirm.org/risk-agenda-2025.aspx for details

Filed under Risk UK News

Ryanair adopts Ideagen Coruson as new safety and security management system

Ryanair has implemented a new safety and security management system developed by software firm Ideagen. Ideagen Coruson, a cloud-based software product, has been rolled out across Ryanair’s operations to further enhance the company’s safety reporting and risk identification processes and assist the airline in managing regulatory compliance.

Coruson simplifies identification, collection, collation and analysis of all information on safety and security-related events, thus enhancing risk management processes across Ryanair’s Safety, Security, Flight Operations, Ground Operations, Engineering, In-Flight and Health & Safety Departments.

Through this project, Ryanair has become the first airline in Ireland to submit electronic ECCAIR reports in E5X format to the Irish Aviation Authority by dint of using Coruson’s smart form functionality.

David Hornsby, Ideagen’s CEO, said Coruson would be used by more than 10,000 Ryanair employees. “We’re delighted to have won this significant contract with Ryanair. Coruson will be used by more than 10,000 Ryanair employees as part of this project, which will further enhance safety and security processes and ease compliance around the requirements of national and international aviation authorities.”

Hornsby added: “This is a significant project for Ideagen. It strengthens our position in the aviation safety sector. We continue to see strong new business demand for our software and, with 10% of the Tier 1 market currently using our products, we’re confident of further extensive growth in this particular area.”

Ryanair carries 130 million customers every year on more than 1,800 daily flights from 86 bases. The airline connects over 200 destinations in 34 countries on a fleet of over 400 Boeing 737 aircraft, with a further 300 Boeing 737s on order, which will enable Ryanair to lower fares and grow traffic to 200 million passengers by FY24.

Michael Hickey, Ryanair’s COO, said: “Ryanair was one of the first airlines in Europe to recognise the value of data analysis to help improve the safety performance of airlines and is committed to the adoption and integration of enhanced data analysis tools. The introduction of Ideagen Coruson will provide us with a further opportunity to capture and analyse safety and security data in real time both quickly and efficiently and help to ensure that effective risk mitigation is put in place.”

Hickey concluded: “We’re delighted to be working with Ideagen and implementing Coruson which will make our reporting systems more effective and assist us in maintaining and continuously improving our safety and security performance.”

Ideagen is a specialist in the provision of safety management software and services to the aviation industry. The business currently has a global customer base of over 3,000 organisations (including more than 300 airlines) and counts Boeing, Emirates, Thomas Cook, British Airways and KLM among that cohort.

Filed under Risk UK News, Uncategorized

BeCyberSure launches specialist EU GDPR Risk Assessment service

Information security specialist BeCyberSure has announced the launch of the “most comprehensive GDPR Risk Assessment available”. Conducted by security, risk and compliance specialists, the audit provides organisations with a definitive evaluation of their EU GDPR (General Data Protection Regulation) readiness, as well as what needs to be done to ensure compliance ahead of the 25 May 2018 deadline.

The GDPR supersedes the UK’s Data Protection Act 1998 and applies to every company that collects, processes or stores an EU citizen’s data, regardless of sector, size and geographical location. Enforcement of the GDPR is unaffected by the UK’s decision to leave the EU.

The BeCyberSure GDPR Risk Assessment is said to provide the most rigorous audit process available. The assessment is conducted on and off site by a GDPR specialist, beginning with a detailed review of company policies and governance, procedures and processes, an assessment of physical aspects (such as access to buildings and the storage of paper documents, etc.) and, if deemed necessary, an extensive digital vulnerability test. The audit also involves formal and informal (i.e. covert) interviews with employees as well as heads of department.

Carolyn Harrison, marketing director at BeCyberSure, explained that the GDPR is a company-wide issue and should not sit solely with IT.

“Our assessment begins with people, policies and processes to reveal any possible vulnerabilities that would result in non-compliance,” urged Harrison. “We then deep-dive, looking at what data the organisation is capturing, how it’s processed, what consent has been given, where it’s stored and how to dispose of all information that’s not required.” Harrison added: “The best technology in the world can be rendered useless if an open door, whether physical or digital, creates the opportunity to access data.”

Following the audit, the host organisation is presented with a confidential Advisory Report stating what action (if any) is required to ensure GDPR compliance.

On that note, Harrison stated: “This report is invaluable in terms of benchmarking where an organisation is today, where they need to get to and the best course of action to get there. They can then choose to implement the programme of work themselves, collaborate with BeCyberSure or outsource the entire project to us.”

BeCyberSure has a senior team of GDPR auditors who have a wealth of experience with backgrounds in risk management and compliance, cyber security, policing, intelligence services and the military.

Harrison concluded: “There’s a lot of scaremongering going on about the GDPR and, while it’s true that the potential fines are eye-watering and the threat of personal liability daunting, if organisations act now, then they still have time to put the necessary safeguards in place to be GDPR-compliant. Undertaking a Risk Assessment is the first step in the due diligence process and means that organisations are not spending unnecessarily on their route to compliance.”

*For further information access www.becybersure.com

Filed under Risk UK News, Uncategorized

NSI’s fourth Installer Summit proves great success for 200-plus delegates

Upwards of 200 representatives from National Security Inspectorate (NSI)-approved companies gathered to attend the NSI’s fourth national Installer Summit, held on Thursday 30 March at the Vox, the brand new state-of-the-art conference centre at Resorts World on the National Exhibition Centre complex in Birmingham.

Over 50 product and business support providers filled the large exhibition hall, offering delegates the opportunity to view the very latest security technology, expand their technical knowledge and take advantage of exclusive Summit deals and offers.

Speakers at the NSI’s 2017 Installer Summit in Birmingham

Special emphasis was placed on education this year, with ten speakers covering a range of pertinent security and fire sector-related topics over the course of the day.

Subjects in the morning plenary session included the Hatton Garden heist and lessons learned for the security sector, the Government’s perspective on cyber security (including the risks and uncertainties), an insight into Jaguar Land Rover’s award-winning corporate security strategy and the newly-launched Trailblazer Apprenticeship Standard for the security and fire business sectors.

The NSI’s CEO Richard Jenkins addresses the audience

In the afternoon, delegates were invited to choose from a variety of 30-minute educational sessions. These concentrated on home automation and system integration (the opportunities and risks), tips for protecting businesses against cyber attack, apprenticeships and their benefits for businesses, and guidance on forging closer links with police forces.

NSI Gold-approved companies were also given an overview on the changes to the new ISO 9001:2015 Standard from the NSI’s expert auditors. In addition, there was a presentation about the benefits of NSI approval for automated gates and barriers, with specific emphasis on helping clients to reduce their risk and understand the business opportunities.

Graeme Dow speaking at the NSI’s Installer Summit

The seven main sponsors instrumental in delivering this year’s Summit were Avigilon, BT Redcare, CSL, Fermax, RISCO Group UK, IFSEC International and Texecom. As a not-for-profit organisation, the NSI is wholly dependent on its sponsors and other exhibitors who make the event possible.

Richard Jenkins, the NSI’s CEO, stated: “We were delighted to see hundreds of delegates from NSI-approved companies attend this year’s Summit. Delegates clearly value this focused and targeted event which addressed topics specific to their needs in an effective way and in a prestigious professional environment. Like-minded industry experts are ready to share the latest developments in the sector. The feedback we’ve received so far from all participants including speakers, exhibitors and our key sponsors has been overwhelmingly positive, with many seeking to reserve their seats for next year’s event.”

The exhibition area proved extremely popular with delegates

 

End users who choose to contract NSI-approved companies can be assured of security and fire safety services delivered to the highest standards by businesses committed to quality. With a national network of full-time qualified auditors specialising in security and fire audits, the NSI counts the UK’s premier security and fire safety providers among its clients. The NSI provides robust auditing by experts to verify compliance with relevant British and European Standards, Codes of Practice and certification schemes developed by industry bodies and associations.

Filed under Risk UK News, Uncategorized

Genetec announces technology partnership with SimonsVoss

Genetec, the provider of open architecture security and public safety solutions, has announced a technology partnership with SimonsVoss, the manufacturer of electronic locks. Through this partnership, Genetec will be able to integrate the SimonsVoss SmartIntego digital locking cylinder, the ‘Smart Handle’ and padlock wireless locks with its own Synergis solution (the IP-based access control core system in Genetec’s Security Center, the company’s unified IP security platform). This will offer a cost-effective and scaleable solution for a wide range of end user customers, including security and risk managers operating in the spheres of higher education, healthcare, retail and Government institutions.

Customers will be able to enroll SimonsVoss locks into their Synergis access control system with Version 5.6 of Security Center, which is expected to be available in early Q2 2017 through the Genetec Channel Partner Programme.

With the cost of hardwired access control installation increasing, in the main due to infrastructure complexity and compliance requirements, the ease and speed of installation of a wireless access control solution saves customers money. It also greatly enhances an organisation’s security for staff, visitors and property (both physical and intellectual).

For systems integrators, this integration will offer a greater choice of industry-standard wireless electronic locks. Overall system design and deployment will be greatly simplified, allowing Genetec-certified channel partners to leverage wireless locks and significantly reduce the installation time and labour costs typically associated with hardwired solutions.

“We’re thrilled to add the SimonsVoss brand to our expanding portfolio of supported locks,” said Derek Arcuri, product marketing manager at Genetec. “Both companies will now be able to offer end users and systems integrators alike a greater choice in access control hardware, whether for designing a new physical security system or updating an existing one.”

Bernhard Sommer, managing director at SimonsVoss, added: “The integration of our SmartIntego locks with the enterprise-class Synergis access control software from Genetec will enable a scaleable access control solution that meets today’s needs while providing an easy pathway to future upgrades.”

When Synergis and SimonsVoss locks are deployed alongside Genetec video surveillance products, end users will be able to view all of their lock events and activities seamlessly linked with live or recorded video, giving them a more complete and unified view of their organisation’s security.

Filed under Risk UK News, Uncategorized