Thursday, 20 February 2014

Holistic Management of Employee Risk (HoMER)

Employee risk is defined as counterproductive behaviour, whether inadvertent, negligent or malicious, that can cause harm to an organisation.
The guidance sets out:
  • Principles, policies, procedures and examples of good practice which help manage the risk of counterproductive behaviour in the workplace
  • Ways to strengthen compliance with legal and regulatory frameworks
  • A framework to help improve trust amongst employees, customers and shareholders.
- See more at: http://www.cpni.gov.uk/advice/Personnel-security1/homer/#sthash.PzQvBqmo.dpuf
Managing employee risk has become a critical issue for organisations, for which a fine balance is required between treating employees fairly and ethically, and ensuring comprehensive data security. This guidance from the CPNI is worth a read.

European Information Security Summit

The Summit was held at the British Museum (18-19 February). Videos of the talks will be available shortly.

One development discussed in many panels, and of particular interest, is Europe's new data regime. The European data privacy framework includes a new regulation and a new directive, and will apply to all 27 European member states. The package of measures is aimed at fundamentally overhauling and harmonising the EU’s data protection regime, and will introduce enhanced rights for individuals and tough penalties for non-compliance. It is designed to eliminate the uncertainty created by a patchwork of data protection laws and data breach notifications faced by businesses. One result of this new regime would be that the level of possible fines would increase significantly from the ICO's current limit (in the UK), possibly to between 2% and 5% of a company's global revenue.

Wednesday, 12 February 2014

Data security is not their responsibility say 23% of employees

A news item in Computer Weekly states, "Nearly a quarter of employees believe that data security is not their responsibility, according to a survey by security management firm Absolute Software.

"The survey found that 23% of workers claimed that data security was up to the organisation and not the individual. However, 69% believed that a business should face legal action if the employer loses an individual’s data."

Tuesday, 11 February 2014

ICAEW 'Audit Insights: Cyber Security'

A review from November 2013, which is certainly worth reviewing:

"Auditors working in IT reveal that every business will have their security compromised and must change their mind set around cyber security. In the ICAEW report auditors say that businesses need to be able to tolerate a certain level of security breach and prioritise on protecting what information and data is important to them – their ‘crown jewels’.

Most businesses don’t get the basics right

It is estimated that up to 80% of security breaches could be prevented by implementing basic good practices in cyber security. However, businesses of all sizes and across all industries still struggle to get the basics right. People continue to be the weakest link in implementing effective security and human failings are increasingly being exploited by attackers to gain access to confidential information.

Businesses should focus on their critical information assets

Businesses cannot sustain an approach of protecting all their information at all times. Instead, businesses increasingly need to prioritise their information assets and focus their resources on their ‘crown jewels’. This enables a more sophisticated risk-based approach to security which balances the benefits and costs of security measures."

Safer Internet Day, Tuesday 11 February

Today is Safer Internet Day. It is organised by Insafe in February of each year to promote safer and more responsible use of online technology and mobile phones, especially amongst children and young people across the world.

In Oxford we held a Safer Internet Day Summit.  "Can we build an action plan for the University to protect staff, academics, and students from online harassment and abuse? Teams from Academic IT, Information Security, Legal Services, HR, Security Services and the Equality & Diversity Unit brought together a panel of experts to discuss the theme of this year's international Safer Internet Day 2014, which is 'Let's create a better internet together'.

Presentations addressed the Oxford landscape and included 'How does your institution keep you safe?' by Dr Sara Perry, University of York, a scholar who was harassed online and has researched how academics are particularly vulnerable."

Wednesday, 23 October 2013

EDUCAUSE - comparison of IT Risk Management Methodologies

Throughout higher education, increased emphasis is being placed on the necessity to manage IT risk/opportunity more effectively. One session compared and contrasted how Princeton and Oxford universities manage risk, reviewed experiences from many other universities, and sprinkled in the EDUCAUSE top-ten IT issues.

Only 33% of universities have adopted an IT risk management methodology....

Annual EDUCAUSE conference

The annual EDUCAUSE conference was held last week in Anaheim, California. Many of the talks are available online. An initial view of the EDUCAUSE Core Data Service 2013 survey was particularly interesting.