Getting your cyber essentials – Jason Fitzgerald – Ep62

Cyber Security, be it how we secure our perimeter, infrastructure, mobile devices or data, is a complex and ever-changing challenge. In the face of this complexity where do we start when it comes to building our organisations cyber security standards.

Well perhaps the answer may lie in standardised frameworks and accreditation’s. If you think about it, one of the biggest challenges we have when it comes to security is knowing where to start, so having a standard to work towards makes perfect sense.

That is the subject of this weeks show with my guest and colleague Jason Fitzgerald, as we discuss the value of a UK based accreditation, Cyber Essentials.

Jason is a very experienced technical engineer and consultant and today spends much of his time working with organisations to help them address their IT security concerns and develop policies, procedures, strategies and technologies to help them to improve their security baselines.

One of the tools that Jason uses extensively is a framework and accreditation produced by the National Cyber Security Centre here in the UK, Cyber Essentials. During this episode we discuss why such a framework is valuable and can help a business improve its security posture.

But first we start with discussing the kind of security landscape that Jason sees when he talks with businesses of all types, some of the confusion that they have and the often-misplaced confidence that comes with the “latest and greatest” security technology solution purchase.

We explore the importance of organisational “buy in” when it comes to security, why it can’t be just seen as an IT problem and how without senior sponsorship your security efforts may well be doomed to failure.

Jason shares with us the 5 key areas that Cyber Essentials covers, from perimeter to patching. He also provides some insight into the process that an organisation will head down when building their own security framework.

We also look at the value of getting your security foundation correct, how it can greatly reduce your exposure to many of the common cyber security risks, but also how without it, your attempts to build more robust security and compliance procedures may well fail.

We finish up with Jason sharing some of his top tips for starting your security journey and how, although Cyber Essentials is a UK based accreditation, the principles of it will be valuable to your organisation wherever in the world you may be based.

You can follow Jason on twitter @jay_fitzgerald and read more from him at his blog Bits with the Fitz

If you want to learn more about Cyber Essentials, then visit the UK’s National Cyber Security Centre website www.cyberessentials.ncsc.gov.uk

Next week, we are looking at GDPR as I’m joined by a special guest Mike Resseler from Veeam as he takes us through the business compliance process they have carried out across their global organisation.

Thanks for listening.

Advertisements

Make People Our Best Data Security Asset

Losing USB sticks, leaving laptops on trains, installing malware, clicking phishing links. From maliciousness to stupidity, our people are a constant problem. In fact people are our biggest data security issue aren’t they?

Aren’t they?

We have to ask ourselves, are we doing all we can to help our people? Rather than seeing them as a security problem, have we thought about how we can make them an asset as we continually look to take on the threats to our critical data?

That’s the subject of this week’s podcast, as I chat with Dom Saunders from NETconsent.dom saunders

NETconsent specialise in the human side of technology, ensuring users are fully up to date with policies and procedures, as well as continually educated about new threats and solutions.

Our people can be a huge benefit in our data security and privacy plans. In this episode we look at why many IT policies fail, the risks that poor procedures introduce, why education is so critical and how to make sure our people are getting access to the best help they can.

We wrap up looking at 5 steps you can take to make sure your users are a data security asset rather than a risk.

To find out more about NETconsent then check the NETconsent website.

To see how other businesses have worked with their people, have a look at these case studies.

You can also catch up with NETconsent on twitter @NETconsent

This is the third show in our series on data privacy and security – if you’d like to catch the other two episodes, you can here;

Best Take Care Of Those Crown Jewels – Sheila Fitzpatrick – Ep 17

Don’t Build Your Data Privacy House Upside Down – Sheila Fitzpatrick – Ep 18

Subscribe on Android

http://feeds.soundcloud.com/users/soundcloud:users:176077351/sounds.rss