27 July 2015 at 4:18pm
Recent news has nicely coincided with my drafting of an encryption policy as part of our Information Security Management System. “Logjam” joins a growing number of vulnerabilities in cryptosystems such as Heartbleed, BEAST and POODLE.
23 March 2015 at 9:32am
Yesterday UCISA published the Information Security Management Toolkit, which provides guidance to higher education institutions wishing to establish systems to manage information security. Authors from across the sector contributed to the content, including Andrew Cormack and me from Jisc.
18 February 2015 at 11:34am
An interesting announcement from Microsoft that they have adopted the new ISO/IEC 27018 standard across their Azure, Office365 and Intune cloud services.
4 December 2014 at 2:15pm
For many if not most organisations information security risk management is a new and relatively immature activity that they are still discovering and learning more about. This can mean that the results of the activity can be imperfect. As we learn we can improve the process to better fit the requirements of the organisation but in the meantime we need the ability to deal with flawed results. Some might even go a step further and propose that most risk management methods are inherently flawed and don't go far enough to investigate and measure the root causes of risks.
5 November 2014 at 4:17pm
A brief post this time on my thoughts as to how best to integrate certification to the Government's Cyber Essentials scheme into an ISO 27001 ISMS. I'm going to intentionally stay away from how to achieve certification to Cyber Essentials, and just focus on how it might sit within your ISMS.
19 September 2014 at 10:14am
I'm taking a two year internal secondment at Janet where I'll be working on our own information security management systems. I hope to be able to post more about this work within this group, not only to raise awareness of Janet's work in this area and what it means for our customers, but also to share our experiences, difficulties and successes.
15 July 2014 at 10:52am
In response to feedback earlier in the year we've been able to arrange for an externally certified Lead Implementer course in London on the 11th-13th of August, which we can provide to you at a reduced cost of £870.00 plus VAT. Details and the booking form are available at:
The International Standards Organisation (ISO) maintains a number of different standards in the area of Information Security. Although the standards are not written to directly address the information security issues of research and education organisations they are nonetheless a useful source of information about good practice. External bodies concerned about information security (for example organisations sharing commercially sensitive or personal data, and regulators) often express requirements or questions in terms of the ISO standards.