Category Archives: CSF Blog

Business Continuity

It should be that business continuity is seen as part of the infosec role but so often the subtle differences between Disaster Recovery, Business Continuity, and Risk Management contribute to a blurring of the lines that can result in Business Continuity not appearing on anyone’s agenda. Trying to get your trustees to think through this important threat to the organisation can often result in  them identifying risks of biblical proportions which have little chance of occurring. If all you wanted to do was have them think about the simple issues maybe it’s time for a different tack?  Why not invite some of your CSF colleagues along to share the experience … Continue reading

Posted in CSF Blog | Leave a comment

Keep Data Safe…

There’s a line to be drawn between Data Protection and Information Security and if your charity is confused about where that line is, or insists that the Information Security Officer doubles up with Data Protection duties, or worse still vica-versa, then maybe it’s about time to review your Data Protection procedures, not to mention your policies, especially given the requirements of the General Data Protection Regulation.  Compliance with its requirements should be a strict matter of governance and not confused with many faces of the field that is information security. The prescribed principles of Data Protection enshrined in law are there to be adhered to.  Whether  data must be processed … Continue reading

Posted in CSF Blog, Opinion | Comments Off on Keep Data Safe…

Going Shopping?

When you buy stuff online do you pay with a debit card or a credit card?  Me?  Well I’m in the credit card camp mainly ‘cos I reckon that there’s just that little bit more protection – or shall we say less transference of risk.  I may be woefully wrong.  But whichever camp you feel happiest with, it’s likely that your charity will be taking online donations, and possibility running some sort of trading operation.  With each of these activities comes the requirement to comply with PCI-DSS.  And if you don’t know what that acronym stands for then you’d better get googling quickly. Arguably one of the data items that … Continue reading

Posted in CSF Blog | Leave a comment

Scams and Scammers

There’s a lot talked about the weakest link when it comes to security and it should be no surprise that  quite often that weakest link is you.  Not specifically you, you understand, but each of us who ends up being the victim of a scam.  And the exploit in this scenario is our own vulnerability and willingness to believe in other people.  The scammers take advantage of this human trait with social engineering skills designed to lure us into making a wrong move.  For the humanitarian charities dealing with people it can be difficult to adopt the cynical approach that might forewarn of a scam.  For all of us education … Continue reading

Posted in CSF Blog | Leave a comment


There’s a definite conference season when it comes to infosec and for those tasked with organising events it can be a proverbial nightmare to find a date, a venue, and a compelling programme that will suit the majority of delegates.  And along with the seasons programme of infosec events comes the inevitable deluge of emails advertising, encouraging, and promoting each event.  It’s great to feel wanted but how do you verify the genuine from the ingenuous?  The scams and spams from the silver-plated invitations to the must-attend events?  Sometimes it’s easy to differentiate and a good line-up of top-flight speakers will help ensure that there is something to learn and … Continue reading

Posted in CSF Blog | Leave a comment