May 2010 ramblings

I see it's been almost two months since my last blog entry. What poor discipline - sorry. Things have been really hectic here at First Base Technologies, which is my only excuse.

This year's Infosecurity Europe was the best for many years - we invested in a new and larger stand and more staff and the results speak for themselves. Lots of visitors with a better appreciation of what penetration testing is all about and how it fits into PCI-DSS. Better informed discussions about penetration testing as part of Governance, Risk and Compliance too.

Today I had an excellent meeting with Claranet who provide secure hosting in a private cloud. Just what we need - a guarantee of where our data resides for compliance with Data Protection coupled with a cast-iron SLA. And they provide secure networking too. Great stuff.

A Happy New Year for data protection?

UK readers may have noticed that the Information Commissioner’s Office (ICO)­ will have new powers to fine organisations responsible for security breaches from 6 April 2010. Fines of up to £500,000 can be imposed for serious breaches of the Data Protection Act. The ICO press release is here.

Jonathan Armstrong of Duane Morris, with whom I've shared several conference platforms, thinks this will make CEOs and other senior people take more notice and should make some IT security budgets less prone to cuts. As he says, "If the ICO can levy some decent fines early on, people may take more notice." His article is here.

We can only hope that tougher UK legislation will start to make a difference to the lackadaisical attitude of some senior people towards security!