
"Quality Matters in your Business"

Monday, 25 February 2008

ISO27001 Information Security

Data security, or the lack of it, is in the news almost daily, and the news is pretty alarming. Report after report reveals the often casual way our data is handled and the shortfalls in its care.

Every cloud has a silver lining however; we have seen a huge increase in enquiries for consultancy in setting up ISO27001 systems. It seems that industry and commerce are taking data security very seriously, unlike the Revenue.

ISO27001 sets up a number of steps that protect data and other information from unauthorised access and release. It also ensures compliance with the Data Protection Act and ensures that companies are protected from litigation concerning data.

Surely it cannot be long before the Information Commissioner takes action, or failing that litigation follows, against those who lose data under their care or act in a cavalier manner with it.

Every organisation employing ISO27001 can claim that they have used best practice and have taken all reasonable steps to ensure that the elements of Data Security have been employed. This is a valid defence in a Court of Law (if it should go that far).

C.I.A. (Confidentiality, Integrity and Availability) are the main requirements:

  • To ensure that data is not compromised or released

  • To ensure that data is protected from unauthorised alteration

  • To ensure that data is available when and where required

If we all carry this out then there is hope for us yet.

At the moment I, for one, am unwilling to trust my valuable data to any organisation not complying fully with ISO27001.

Monday, 11 February 2008

Social Engineering

Social engineering is the name given to attempts to gain secure information by gaining the trust of the person holding such information.

With Valentine's Day fast approaching, I recall methods used in the past to gain entry to some of London's most secure buildings.

Imagine the scene: a pretty girl with a teddy bear and a box of chocolates presents herself at reception. "It's a surprise for Jason Brown from his girlfriend, and the bear, chocolates and message have to be delivered in person." The receptionist says that security policies will not allow her in, but she pleads that this is an emergency, and the receptionist, trusting the girl, lets her in just this once. Of course she isn't delivering a Valentine's gift; she has been sent to test the company security.

Imagine the second scenario: the telephone rings and the person on the other end explains that he is one of the IT engineers testing the company intranet and has foolishly gone to the data centre without taking his book of secure passwords. If he is found out he will probably be sacked; can the person please help him out this once and give him login and password information? The result can be scary.

The third scenario is even more worrying: at a train station, the offer is a free pen if the person will simply write their login and password on a slip of paper. Each person doing so will be entered into a draw with the chance to win a holiday, one million pounds, or some other prize. Sadly, too many people take up this offer and compromise their security systems.

This year, with February 29 being the day when traditionally ladies can propose to their men, it is entirely possible that many secure buildings will be penetrated by women claiming to want to propose, and it must be a surprise, mustn't it?

And finally the smoking ban has had a very detrimental effect on security; the fire doors at the back of the building are left open to allow smokers to go out for a cigarette, and get back in afterwards. The social engineer will simply mingle with the smokers and follow them in. Security breached.
