Monthly Archives: December 2014

Bring your own device – the Santa Clause

If you or your colleagues are lucky enough to get a visit from the big guy this Christmas, who knows what digital delights he may leave you all!

If any of those delights happen to be mobile devices like swanky iPhones or tablet computers, you or your colleagues may be tempted to use them to their fullest capability and swap out work issued devices, which might not be quite as impressive as the Santa gift. Before anyone does that, they need to make sure they have checked their organisation’s policy on Bring Your Own Device (BYOD) to make sure that they know precisely what they need to be doing in order to be compliant and secure, not only for the business but for themselves.

If you are the Information Security Officer (ISO), now might be a good time to start reminding staff about this policy and finding ways of making sure you have really embedded the organisation’s response and posture on BYOD. Many businesses will be starting to close down for the festive period and not all will return at the same point, so make sure new devices don’t suddenly start popping up on the network that you were not aware of or that have not gone through the appropriate security process.

If you are a user then it’s worth reminding yourself why we have these policies in organisations. According to a study by RiskIQ, by 2013 more than 42,000 apps in Google’s store contained spyware and information-stealing Trojan programs, up from 11k in 2011. We have to know what is sitting on or accessing our networks; the permissions required by some apps, even the legitimate ones, are pretty comprehensive and invasive. BYOD policies should cover this as well as standard anti-malware requirements.

It’s also worth noting that some devices are actually built insecurely; gaping back-doors are a feature in Xiaomi and Star9500 smartphones, for instance, and I am sure these are not the only ones. (See Hacker News.) So the user may not be aware of what a risk they are to your network before they download a single app.

So BYOD policy should include a Santa Clause, and everyone who connects to the network needs to understand, agree and abide by it… the naughty list awaits next year for those who don’t…


Does Santa Have ISO28000?

During a festive office pondering, the topic of ISO28000 popped up. That might seem random to most people, but this is Advent IM and you simply never know when a security standard might become pertinent.

In this instance we were discussing Santa; it being the season to be jolly etc. Here is a logistics expert and manufacturer (via Elves, obviously) with one of the most complex and dynamic supply chains one could imagine. He is a logistics supplier for parents as well as supporting his own goods; this is an assurance nightmare, surely?!

So how do you secure your supply chain and offer assurance to key stakeholders that you have an evolved posture on transport security? ISO 28000 seems like a good option for Santa to consider and he can integrate with his ISO9001 and ISO14001 too!

Santa, if you’re reading this; the phone is always on the hook for you 🙂

Those with less complex supply chain, transport or logistics assurance needs may also benefit.

HoHoHo and Merry Christmas to you all.
