Author Archives: CSF Admin

Database security

To paraphrase a saying, “There are no old, bold DBAs”. That’s “database administrators” in case you were wondering, and one might go even further to say that there may not even be any DBAs before too long. Demonstrably secure relational databases should be a thing of wonder; users who can ‘write down’ but not ‘write up’ should be revelling in the knowledge that they will never accidentally overwrite the major donor address records, let alone be able to access them; and information security officers should be rejoicing in the knowledge that their corporate databases embody the only ACID test that matters. But all this database stuff seems to have been a …

Posted in Opinion

Business Continuity

It should be that business continuity is seen as part of the infosec role, but so often the subtle differences between Disaster Recovery, Business Continuity, and Risk Management contribute to a blurring of the lines that can result in Business Continuity not appearing on anyone’s agenda. Trying to get your trustees to think through this important threat to the organisation can often result in them identifying risks of biblical proportions which have little chance of occurring. If all you wanted to do was have them think about the simple issues, maybe it’s time for a different tack? Why not invite some of your CSF colleagues along to share the experience …

Posted in CSF Blog

Phishing

It takes about six days for folks to realise the enormity of the problem. So imagine a disaster, say, like the tsunami in 2004, or perhaps Hurricane Katrina. For many charities engaged in humanitarian work, the need to mobilise, and mobilise quickly, in the face of such enormous natural disasters requires funds. And the human need to support such work results in the generous and unconditional gifting of those funds. So back to the six days. That tends to be the time period after which folks want to respond, usually with monetary help. Your charity probably knows this and will gear up to expect this, but the bad guys know …

Posted in Opinion

Keep Data Safe…

There’s a line to be drawn between Data Protection and Information Security, and if your charity is confused about where that line is, or insists that the Information Security Officer doubles up with Data Protection duties, or worse still vice versa, then maybe it’s about time to review your Data Protection procedures, not to mention your policies, especially given the requirements of the General Data Protection Regulation. Compliance with its requirements should be a strict matter of governance and not confused with the many faces of the field that is information security. The prescribed principles of Data Protection enshrined in law are there to be adhered to. Whether data must be processed …

Posted in CSF Blog, Opinion

Networks

“There are no computers, only networks.” We might not be too far off that reality. And that reality puts a lot of responsibility on whoever runs your network. It’s likely that one way or another your network is your weakest link, and that as an information security officer you’ll know that your ‘data in transit’ is the most vulnerable state of your most precious asset. Wrongly configured and ill-protected networks are the stuff of infosec nightmares, and routers with default passwords are the genesis of such dreams. Check now with your network guy/gal (or with yourself if you have the responsibility in your charity) that there isn’t a router with …

Posted in Opinion