YourSecurityManager

Independent Information Security specialist helping your business with data protection, resilience, compliance and auditing.

connect with me on linkedin follow me on twitter follow my page on facebook

Welcome

Here to help you improve the security of your information

Designed by macrovector/Freepik

Information security is always hitting the news;

Just a handful of stories making the BBC's headlines recently. And of course let's not forget the looming spectre of GDPR; Firms warned to prepare for tougher EU data protection rules (BBC News 1 June '17). You were aware of that already though, right?

For many small businesses it is a confusing minefield of technobable and jargon, with terms like "data protection" and "cyber safety" bandied about interchangeably with "information security". Potential customers may be asking you for security and incident response plans, BCP and DR plans, vulnerability scans, penetration tests... Your Security Manager is here to help clarify all these (and many many more!), and help you improve the way you protect data in your business, and so increase the amount of business you can do.

Contact Your Security Manager today to discuss how we can work together to improve your information security.

Our Services

Some of the services we can offer

Designed by macrovector/Freepik

Information security consultancy is a broad church, and Your Security Manager offers a huge range of services including;

  • ISO 27001 audit, gap analysis, and project kick off
  • Information Security Plans for Government (CESG/NCSC) contract tendering
  • GDPR preparation
  • PCI-DSS self certification advice and guidance
  • Cyber Essentials guidance
  • Information protection, Risk Management, and Business Impact Analysis consultation
  • Capacity Planning, Business Continuity, and Disaster Recovery consultation
  • Independent 3rd party supplier audit
  • Internal compliance audits
  • Physical security audits
  • Documentation reviews
  • User awareness training
  • ICT support management consultation
I also partner with established service providers, in the Information Protection and Information Security consultation field, and IT Support businesses that have no in-house security expertise. As an ISO27001 Lead Auditor I am adept at sense checking implementations, where an external pair of eyes often finds those little missed details!

If you are seeking to improve the security of your business information then I can be Your Security Manager.

Contact Your Security Manager today to discuss how we can work together.

GDPR

The General Data Protection Regulation - 25th May 2018

Designed by macrovector/Freepik

The EU's General Data Protection Regulation (GDPR) comes into effect on 25th May 2018. It greatly increases the scope and requirements of current data protection legislation, and it applies to every business that may hold personal data on EU nationals.

It defines personal data as any information "relating to an identified or identifiable natural person", and has these key provisions;

  • The right for EU citizens to access, correct, transfer or delete their personal information if it is held on your systems.
  • The requirement for you to notify authorities and customers within 72 hours of any breach affecting their data.
  • Fines of up to 4% of global annual turnover (or €20 million, whichever is higher) for the most serious violations.
    and significantly;
  • The requirement for citizens to give explicit consent for you to hold their data, and for you to store this consent.

This final point applies to data already held. If you have vast stores of historic data, it's time to evaluate whether you really need to keep it.

The GDPR applies to any organisation offering goods or services within the EU. The scope is wide ranging, and even includes data collected in cookies from your website, if that data is used for monitoring the behaviour of EU citizens while they access your website. It applies globally, and will apply to UK businesses even after Brexit, and businesses around the world are now making preparations to comply with the regulations.

Key points in ensuring you comply with the GDPR;

  • you must fully understand what personal data you hold, where the data is stored, and exactly who has access to it, from the moment you receive the information, to the moment it is deleted from your systems.
  • you must have organisation-wide data protection policies, auditable record keeping, perform data protection impact assessments annually, and verify that any businesses you partner with are also compliant!
  • you must have the capability to detect and report data breaches, and the processes in place to find, modify, and delete personal data when requested, all within prescribed time limits.

Technology improvements have meant that personal data became very cheap to hold store and process, so much so that many businesses have vast stores of it. That is changing. Personal data is becoming what is known as a "toxic asset", that is, the risks of holding and storing it are potentially very damaging to your business.

Designed by macrovector/Freepik

Think of it in the terms of toxicity, and you'll be on the right path. Do you need that personal data in order for your business to function? If not, then make sure you don't have it. If you do, then you need to make sure that it is properly protected.

I can help you achieve GDPR compliance. Please contact me for an initial informal assessment, which will look at your existing approach to data protection and information security. I'll provide you with a simple checklist of recommended actions, to point you in the right direction.

Contact Your Security Manager today to discuss how we can work together.

About Us

Information Security is my speciality

Connect with me on LinkedIn

I am Alex Burnham, an enthusiastic advocate for Information Security, and ISO27001 Lead Auditor. I enjoy working with non-technical SME's that struggle to understand how to improve data defensibility. I have practical hands on experience, and a pragmatic approach, in delivering secure technical environments, and implementing ISO27001, PCI-DSS, and CESG/NCSC (including Cyber Essentials) compliant Information Security Management Systems (ISMS).

I have worked with small businesses my whole life. I returned to university as a mature student in the mid '90's to complete a BSc (hons) in Computer Communications. In the early 2000's I was Director of Technology for a web development company, then spent several years as ICT Infrastructure and Support Manager for a national training provider, managing the roll out one of the first virtualised datacentres in the sector. In recent years as an Information Security Officer in financial services, I worked with the compliance teams of major lenders and government departments, including HMRC.

I am committed to providing you with the best advice, solutions, and value, in all your information security requirements. I understand your need for workable, cost effective, solutions to support the growth of your business. Whether you need assistance completing a security plan for an important customer, help with understanding the GDPR, development of your ISMS, or full ISO27001 compliance, I can help in every case. And if you are running a small business with no in-house information security capability, I can be Your Security Manager.

Connect with me on LinkedIn      Dyfi Computer Services on Facebook      Follow me on Twitter

What is InfoSec?

An explanation for real people

Designed by macrovector/Freepik

According to several definitions, the term "Information Security" (InfoSec) means "protecting information and information systems from unauthorised access, use, disclosure, disruption, modification, or destruction" in order to provide;

  1. Confidentiality: preserving authorised restrictions on access and disclosure, and means for protecting personal privacy and proprietary information. i.e.: only those that need access, have access.

  2. Integrity: guarding against improper information modification or destruction, and ensuring information nonrepudiation and authenticity. i.e.: the data is correct.

  3. Availability: ensuring timely and reliable access to, and use of, information. i.e.: you can find your data when you need it.

It can be helpful to think of Information Security as Health and Safety guidance and compliance for your business data and information. Just like health and safety, some of it is common sense, some of it is advisable, and some of it is governed by legislation. You have to comply with the legislation, but the rest of it is up to you, depending on how you view the risk, the likelihood of something happening, and the resultant consequences should something happen.

Your Security Manager can give you as much, or as little, assistance as you want or need in making the journey to better protecting your business information and data processing systems. Just like health and safety, there is no one size fits all solution to becoming secure. It's not just about technology either, in fact, most of it is about management, evaluating risks, and changing working practices to be more safe. Sometimes you'll need hard hats and harnesses, but often it's about making sure the floor is clean, and you're using a ladder instead of a chair!

Contact Us

Contact us now by any of these methods!

Email us at info@yoursecuritymanager.com
Use our Tawk.to web-chat
Phone us on 01650 558227
Connect with me on LinkedIn
Message Dyfi Computer Services on Facebook
Message us on Twitter
Write to us at: Dyfi Computer Services, Ty Capel, Darowen, Machynlleth, SY20 8NS

And if you happen to be in our beautiful part of the world, maybe pop in for a coffee!

https://Add-Map.com
We're pretty much off the beaten track, so we don't get many visitors, and to be honest, we like the peace and quiet!
visit our partner business at TyCapel.Wales