Tuesday, 12 April 2011

No authorised Advertising at the Olympics.




Draft legislation has been proposed ans put forward for the Olympics which makes its illegal for any advertising which has not been paid for to the Olympics Committee.



These sponsorship deals cost millions of £££ for a few weeks of the games, so the Olympics committee is keen to make sure that who ever has not paid can't advertise.

An interesting angle to this is Smart Phones, Tablets and Laptops. The proposed law says that it is illegal "to carry an apparatus by which an advertisement is displayed at of within a few hundred meters of the Olympics venues during the games".

The Olympics committee will take this very seriously and will enforce it. So you better leave your phone, iPod, tablet or laptop at home.

Its obviously designed to stop the big boys advertising something they have not paid millions for at the games, but I  am sure the security teams at the Olympics will over exert their power in applying the law and have great fun doing so.

Make sure anything you wear is not displaying any logos or adverts...they will most likely check your underwear too for logos... ;->

 Advertising Legislation Link. 

Thursday, 7 April 2011

When NOT to trust an SSL cetificate.


Comodo recently issued a security alert that after a breach 9 SSL certificates were falsely issued.

Unfortunately far too many people on the internet associate the SSL padlock as a symbol of ultimate trust.

Unfortunately this is seriously misplaced trust.

Sophisticated hacking attempts mean it is now getting easier for SSL issuers to be hacked into issuing certificates.

Moreover all a certificate really does in terms of integrity is that the host name you types in your browser is what the server hosting the SSL certificate claims to be.

Today it is easy to get (fool) a domain registrar to redirect a domain's IP address or poison DNS to give out a false IP. At this point even if you typed your bank's URL for instance, there is no gaurante that you are actually going to your bank.

So the next time you simply rely on the SSL padlock symbol to keep you safe, think twice... look at the page, is it all the same and if you credentials which are correct are rejected or you get a website error after putting in your credentials, chances are you are logging onto a hacker's site.

SSL and the padlock are NO longer a symbol of trust on their own


Thursday, 31 March 2011

Wales e-crime cost nears £1bn - Trusting everybody




An interesting stroy in the BBC this morning [BBC] about E-Crime now having doubled in a period of just 12 months to £1 billion.

However what was more interesting is the final part of the article. In that a Mr Perring had all his business information stolen by a disgruntled employee when he had to let him go due to the recession. The reason was simple, Mr Perring basically trusted the employee to setup his IT system and run it without checking if it was actually secure because he did not know much about it. He also did not understand that they IT Guy he let off actually had access to all his information

This is what really amazes me - i appreciate that you may not understand IT, but you would no give your house or car keys to just anybody and trust them so why would you not do the same with your information.

Its unknown if Mr Perring lost any personal information that he was processing on behalf of his clients, but if he did and the ICO did have a look at it, Mr Perring would have broken the Data Protection ACT, because as the owner of the business and hence the Data Owner, it would have been his responsibility to ensure all information was being securely processed.

Take stock now:

1) Do you actually know where all your data is, especially if it is being hosted on a cloud or looked after a contractor or 3rd party compaany.

2) Do you know if it has role based access control over it - surely everybody does not need access to all of it.

3) Are you sure all access to the data is actually secure, including when the data is at rest (on a laptop, desktop, server) or in transit across a network.

Remember your Data Ownership risk cannot be transfered simply because you dis not bother to get your policy right and your data goes missing.

Tuesday, 29 March 2011

When too much information is not good. Tesco vs Asda Price refund Policy.



Recently ASDA launched a price policy which allowed you to take your ASDA shopping receipt home, punch in the special code on the receipt and it would automatically price check the whole shop against Tesco and give you an ASDA voucher for the difference if they were more expensive.

Not to be outdone, Tesco started the same. However within weeks Tesco had to change it's policy and reduce the amount you could claim back.... Why you ask??? Well its because too many people started discussing on specific blogs exactly which products were more expensive in Tesco and thereby increasing their voucher claim if they specifically purchased thoes items.

Tesco has received a lot of flame for this on their Facebook page too after back tracking on the original price policy.

Websites like mysupermarket.com do checks on a daily basis against the popular supermarkets and make them avaliable for all to see. Super eager savers use the website to spread the word on where the largest profit it to be had when the price difference between Tesco and Asda is large for a particular product and then websites like moneysavingexpert.com and twitter help spread the word like wildfire.

Hence too much information has forced Tesco to back track and its good to see even a giant like Tesco can be brought down by avaliabilty of information.

Friday, 25 March 2011

More email lists go missing - Play.com, Tripadvisor.

                                      

In the last 7 days both Play.com and Tripadvisor have stated that their marketing email databases which collectively probably exceed 40 million email addresses have been hacked and taken off them.

What surprises me is how both these organisations make it out that its just an email address and hence it is okay. Also they both state that it was not their fault and they were part of an elaborate attack. How is this even acceptable?

Both organisations clearly know they have a legal duty to look after the information and should proactively check and probe their systems, yet none actually do.

However in the case of Tripadvisor there are reports and rumours that the internal system was open to all employees without any restrictions and hence ripe for the taking.

Unless the EU and USA tighten up their Data Protection rules and assign some criminal convictions to them, nothing will force a CEO to take Information Assurance seriously.

Ahh well here is to more spam.

Thursday, 24 March 2011

ASDA selling Samsung Galaxy Tab for just £299.



Its IPAD2 launch day in the UK in under 24 hours and ASDA have dropped the price of the Galaxy Tab to just £299. At one point it was over £600.

Now this is a much better price, but it had been this from day one it would have sold a hell more devices.

It's a bit late for me now especially considering the Galaxy Tab has just a single core processor, and a 7" screen.

I will wait for the IPAD2 and hope that the Dual Core 10" tablets come down to a decent price soon.

Android hardware device makers fail to understand the power of coming in at a decent price point and hence always loose out against Apple.

Amazon Android App store going live... but only is the USA.



I am in the UK and was allowed to download the Amazon Android App store.

It than asks me to enter my Amazon credentials which I do with my Amazon UK account.

It accepts this and then shows the Apps.

I click on Angry Birds RIO and complains of 1 click not being active, so it takes me to the Amazon website and shows me my UK account where I activate 1 click.

Still when I try to download the App it complains of 1 click not setup. I double check and it is.

Others who complain about this on the internet point to the fact that the App store is for the USA only.

SO why does Amazon allow me to:

Download the app store with a UK IP address?

Sign in with a UK Amazon account?

Ask me to setup 1 click on the UK account?

Nowhere does it tell me that not being in the USA is the problem. This is a poor design by Amazon but I am used to it.

Well I will simply have to wait for Angry Birds RIO.

Wednesday, 23 March 2011

UK IPad2 launch and Price drop



The Ipad2 launches in less than 48 hours in the UK.

However what is even better mews is the drop in price by £30 pounds to £399 for the Wifi 16gb entry version.

This is great marketing for Apple. £399 is a price which undercuts every other decent dual core 10inch Android device but still has the strong App Store specially designed for the Tablet orientation.

And now that all the i related devices are undergoing FIPS 140-2 encryption evaluation it makes it a great time for the enterprise to invest also.

Google is really missing a trick here. Sure it has its following and I too use the Nexus S, but in tablet form even I would not argue with the Ipad2.

Its now thinner, lighter and supports Facetime too.

Here is hoping there is enough stock at the UK launch.

Tuesday, 22 March 2011

Leicester City Council - 2,000 Elder's front door code goes missing.




"Leicester City Council has misplaced a USB stick containing personal details of 4,000 vulnerable and often elderly users of its care service.

The data has disappeared from LeicesterCare, the council's vulnerable residents' support service. Along with personal information, the stick also has key codes for 2,000 people, which are used to open boxes outside users' houses which contain their front door keys. - Reported by The Register"

 This is just sickening. It would be good to understand who within the Council actually thought that putting such sensitive information on to a USB Stick was acceptable.

The Council has yet to confirm if the stick was encrypted or not, but if the Council had looked at this with a Business Impact Assessment mehtod for the loss of the data they would have discovered that the loss of 2,000 vulnerable adult's front door code has a very high impact against it if lost.

Its amazing simple things like this are not conducted by the Council and still you keep hearing about such catagories of data loss.

As the Data Owner, ultimately the Council's CEO should be held accountable, but yet again you can be sure that the ICO will not take any real action.

Till the Data Protection ACT does not carry a criminal conviction Data Owners up and down the country will still keep taking large risks with other people's data.

The Council knows even if it is fined, it simply has to pass this charge to the local residents as extra Council Tax.

Due to the nature of the data loss in this case, it is simply shamefull and the CEO of Leicester City Council (as the Data Owner) should offer his resignation.  There is no justifiable business reason to take such sensitive data off onto a removable drive, encrypted or not, especially when you consider how easy it would have been to setup SECURE remote access to the data in the first place.

I always insist on secure remote access to the data in the first instance with USB removable drive access to the data being the absolute last after all other options have been explored and exhausted.


Dangers of Recycling Mobile Phones... Secure Data Erasure.




An interesting article in the Metro newspaper today.

Apparently nearly 50% of people who have purchase or received recycled phone have contacted the original owner because of details left on the phone.

In this day and age I am amazed how many people still don't understan

d why it is so important to factory reset a phone prior to giving it away. Current smartphones hold some dangerous amount of personal information on it. And then you have all the saved passwords and cookies for the likes if Facebook, Twitter, email accounts, etc.

A lot of it is enough to assist with ID theft.

Although the onus is with the owner to delete all his details before giving his phone, the European Data Protection Directive makes it clear that the company doing the recycling should also delete all the data off the phone.

Whatever the case this is a timely reminder to erase all information and ensure you actually know how to delete the data in the first place.

Many smart phones also offer the ability to remote erase a phone or fully encrypt all user data which should be considered too inadition to the basic pin protection.

You have been warned!


Monday, 21 March 2011

Google gets a €100,000 fine in France for Streetview.




Finally some financial penalty for Google's Streetview debacle.

The Data Protection Supervisor in France has ordered Google to pay the maximum penalty of €100,000.

I am sorry but nobody saw through Google's bullshit*t of the code which collected raw unencrypted wireless data was accidentally introduced into the Streetview Production code. Google is far too big a company not to have a strict policy on how code is introduced into a production system.

However what is surprising is the different reaction by the various Data Protection Supervisory authorities across the EU who are all supposed to implement and police the same EU Data Protection Directive.

It just shows that the EU still does not operate in a single manner.

I for one am happy to see Google brought down a peg who have not commented on the matter at all.

Lets see how many other Data Supervisory Authorities follow France. I hope they do and soon.

Although the fine is a drop in the ocean for Google it sends a very clear message to them, do not try your luck at processing personal data unless you have permission and are operating within the law.

London Olympics bans Food, Drinks and more in the name of Anti Terrorism.



Everybody can see through this. Its the only way the Olympics Committee can promise greater profits for their sponsors.

However the following items are banned yo be brought into the Olympics Village:

Food

Drink

Mobile Phones

Umbrellas

Branded Caps

Branded Tops.

Food and Drink is just shameless and the Olympics Committee should be ashamed. However EU law does require free water is distributed so lets see if this is done.

I bet that the cost of a bottle of water within the Olympic Village will be atleast £2.

The pursuit of profit knows no bounds when it comes to the biggest con - Olympics.

Thank God the con only comes once every 4 years.


Friday, 18 March 2011

Why are the Crown Jewels still being exposed... RSA SecurID Hacking




RSA have announced publically that they have been subject to an Advanced Persistant Threat and that some information related to SecurID has been lifted by the hackers.

This is all well and good making it public, but why does a Security Company which relies heavily on their single SecurID product to make money put their development work and source code on an area which is accessible to the internet.

WHY?

Cisco had a similar issue last year too. And these are two large firms which deal with Security.

Things might change now at RSA but close the stable after the horse has bolted comes to mind.

I see this time and time again and the only thing I can think off is that these guys have not done a business impact assessment of what would happen if their source code leaked. Its such a poor business practice to ignore this.


Thursday, 17 March 2011

GMail Backup

A few weeks ago about 150,000 people lost access to thier GMail emails. GMail slowly restored the email and although they had no SLA to do so (free accounts) it was thier reputation on the line.

I host all my Domains with Google Apps (the free version) so i also heavily rely on Google, except that it still appears as my domain rather than gmail.com.

Google are reliable most of the time, but because you have no SLA with the free version of GMail you are relying purely on thier good will.

However there are many ways of backing up GMail, especially with POP and IMAP access.

However the best tool i have found so far is GMail Backup www.gmail-backup.com. Its Freeware/Donateware, although i do suggest you help out the author so that the tool continues to evolve.

What i really like about it, is that it runs under Windows 2008 Server too in addition to other versions of Windows, Linux and Mac. But the best part is that you can invoke it as a command line. So you can now easily schedule a Gmail Backup every one day or in my case, every 6 hours and truely forget about it. It even creates a file which shows which were the newer emails it backed up.

It even allows restoring of the emails back to your GMail account or any other GMail account.

And for thoes who dont like the command line, they do have a GUI, but obviously you cannot schedule the GUI, however the command line is a very simple single line command which simply needs to be invoked to start a backup.



Further backups are all incremental, following the first full backup.

I now have a proper scheduled Gmail backup for all my various GMail App accounts and for once i can forget about worrying if my email in the cloud is safe.

Remember just because you put it into the cloud, does not mean you dont need to back it up, especially when you consider free versions which have no SLA such as GMail, Hotmail, Yahoo, etc.

So go on, do a dialy backup of your GMail before its too late.

When its personal....



When you put your name against something and its in constant view by a large number of people it sort of forces you to fix the issues to maintain your image.

For example Omega rushed across its best watch repairer from Switzerland simply because the Olympics Countdown clock had stopped and it had the word Omega on it.

It would be great if Government IT projects also did this such that the name of the system integrator or consultancy firm was on the screen all the time. If the software was badly implemented atleast the users would constantly be reminded of who implemented it.

When it comes to a report in the newspaper or in Parliament it is generally the name of the Govt department which has failed to implement the system correctly as opposed to also naming and shaming the System Integrator or Consultancy company.

I agree that at times the Goggles Department is also to blame but both the department and the Integrator should be named and shamed together.

It might help Government IT projects be implemented correctly, on time and to an acceptable budget.

Wednesday, 16 March 2011

Quality Assurance - The Wrong Prince.



 wrong prince

It's the wedding of the century for the UK royal family and this company has managed to make commemorative mugs with the wrong prince on it.

Do they know something the rest down know? Can they predict the future?

This is such poor quality assurance. It's not like the two brothers even look remotely alike.

There is a reason why following assurance standards can pay off. In the case of this company they have lost out on thousands of €.

University of York exposes 17,000 student's private information.




Due to a vulnerability on their website, the University ended up leaking 17,000 student's private information including:

Name and addresses

Phone numbers

A level results

Names of next of kin

The ICO have been informed but I don't hold hope of them doing much.

Questions to ask:

Why was private data on a public website

When was the last time the site was pen-tested

When was the last time the server's OS and webserver were patched.

Lets hope the ICO do get serious about such breaches.

The problem with the ICO is that the Data Protection Act they have to police has not been implemented correctly in line with the EU Data Protection Directive. Also the ICO is not sufficiently independent from Government to actually be a real threat or to be taken seriously.

There might be a simple fine here and all the University will simply pay it and move on. If on the otherhand there was a criminal conviction attached to the breach of the DPA like they do for the Health and Safety Law then Data Owners would take looking after data a lot more seriously.

The European Court of Justice is considering taking infraction proceedings against the UK for failing to implement the Data Protection Directive, personally the sooner this happens the better as this will force the overhaul of the Data Protection Act in the UK.

Facebook for Android gets SSL support.




Finally after months of waiting Facebook have rolled out SSL support for their Android Client.

This was a much needed security feature as previously they only hashed the user password before sending it across the airwaves.

Nice to see a social networking site taking SOME parts of security seriously.

Now quickly hit the market place and force the update.


Testing, testing, testing... Visa card glitch for the 2012 Olympics website.



Apparently the website provider for the worlds most important website during this time did not test correctly with the payment provider Visa that all cards which expire in 4 months from the 17th of March (July 2011) would be rejected as a form of payment.

All such customers need to use offline payment by walking into a Lloyd's bank branch and pay by cheque or cash and select the games they wish to see.

Remember as Visa is the official payment provider you can only use Visa cards for paying for tickets and buying anything in the Olympics Village during the games.

Who does not for see such a situation - a very bad Testing strategy.

This is yet another fail after the Olympics Omega 500 day countdown clock stopping in under 24 hours.

I am amazed that large programmes such as the Olympics still cut corners on something like testing.

There is no replacement for a very good Testing strategy and an equally good testing team.

I just hope the Olympics go off without a hitch, but atleast after 2 public fails the Olympics Programme should have learnt something and they do have 499 days left still.


Tuesday, 15 March 2011

London Olympics Countdown clock stops.



This is why you must think about Disaster Recovery and Business Continuity in everything you do.

http://www.bbc.co.uk/news/uk-england-london-12749912

The clock unveiled less than 24 hours ago is now stuck. Its a public statement of the London Olympics Committee - which clearly says we will fail.


The best part is that this is a digital count down clock. I remeber that as a 7 year old i used to build IC555 timer circuits which took less than 10 minutes to put together. Although this does not use an IC555 as things have moved on, how hard could it have been to have parallel timer circuits, ready to take over when one circuit went down?

I am simply surprised why the contractor is not already on site, rather than letting this become a news field day. I guess its due to a lack of proper DR process and poor SLA, they probably thought nothing could go wrong with a clock.

Lets hope the actual games have more luck and that the Olympics committee does have proper Business Continuity plans in place.

UPDATE: The OMEGA Clock is now working, but this is a PR Disaster for Omega.

UPDATE: The clock is NOW undergoing thorough testing.... after the faileur. Very poor Programme Management and Testing Strategy by the Olymics Porgramme.

BBC News

Internet Explorer 9 is OUT.



Microsoft have officially released Internet Explorer 9.

Simple Google IE 9 download for the official Microsoft link.

Microsoft claims this is a significantly overhauled browser but yet it remains to be seen.

Home users should be able to upgrade without much issues, however corporate users may have to wait a long while as it may break some web apps.

Download it and let me know of your experience with the browser.

However if you have XP don't waste your time, this is for Vista, 7 and Server 2008.

Monday, 14 March 2011

TWITTER wants the cake and also wishes to eat it...



Twitter has announced that it wants other Twitter clients to stop writing or updating tweets through its API.

Why? SIMPLE, they loose out on Ad revenue from Ads being displayed within their own Twitter App.

There is commercialization and then there is greed.

They already get Ad revenue from their website but now they want the App Ad share too.

I can't help but think people who don't like the official Twitter App just going away from Twitter.

A lot of Enterprises have large systems using the API to pump out tweets which would stop... they may not choose to use Twitter's own Fat client.

Watch this space.


£3,000 Libel & Defamation through Twitter.



Welsh politician Colin Elsbury who has 28 followers on Twitter (http://twitter.com/colin_elsbury) learnt a very expensive lesson.

He put a libelloust tweet Post about Councillor Edward John Talbot during the elections.

The court ruled in favour of Councillor Talbot and Colin Elsbury has to pay £3,000 Libel + a rumoured £50,000 in Lawyer Fees.

Yet another reason why poeple in the public eye should really think twice before posting Twitter and Facebook type messages that can be seen by many.

However in the case of Colin Elsbury this was a very expensive mistake, one he will not forget anytime soon.

Ipad2 update





0.5 million ipad2 devices sold in 3 days. No other manufacturer can claim this.

Already jailbroken and this is with version 4.3.

Apple will still hold 80% of the tablet market this year despite so many other Android tablets.

UPDATE: cost of the 16GB wifi only IPad is down by £30 to £399

Friday, 11 March 2011

SouthWest Trains and Parking - Snow Policy


Now this will deviate slightly from the Information Assurance Theme, well its about the Avaliability of Parking durring the snow...so i guess as Avaliability is one of the factors of Information Assurance (C, I & A... Confidentiality, Integrity and Avaliability), this counts as an acceptable blog.

For the past two years we have had some significant snow fall in Winter in the UK. Well not as much as in other countries, but a lot for the UK.

I park daily at Farnborough Main (Hampshire) to catch my train to London Waterloo. South West Trains charge nearly £1,000 per year per car and hence make nearly £5Million a year from the Farnborough Car park itsself.

In 2009 I wrote to South West Trains Customer Services who refused to tell me why they did not Grit and Salt the Car Park. They refused to tell me anything sensible.

In November/December 2010 yet again the car park was un-usable due to the Snow. Basically South West Trains do absolutely nothing. They do not grit or salt the car park, yet the Hampshire Council makes does an amazing job at getting rid of all snow off the roads and pavements uptill the entrance to the Farnborough main Station car park.

I again asked the station staff (Mr Harris) who confirmed that he had never been told by South West Trains to grit the car park for over the 6 years he had worked there.

This time i contacted the Aldershot MP and the South West Trains Managing Director. My MP got involved and hence the Managing Director was forced to answer. I sent across a breach of contract notice to him and he instantly paid up as he knew South West Trains was breaking its contract.

The South West Trains Managing Director did tell my MP that they do grit Farnborough Main Station (which was a lie) and that they have a Winter Precautions Procedure (which he refuses to release to me or to my MP).

I asked the Office of Rail Regulator if they had seen the Winter Precautions Procedure and they confirm that they have not seen it either.

I am now persuing this matter through a FOI Request with the Office of Rail Regulator and my MP. South West Trains must be making about £100 Million a year on Car park charges through its entire Network. Yet they refuse to even spend 5% of this ammount to grit its car park and make it useable and safe.

However they are breaching the contract and i urge everybody to claim money back from them for any lost parking days. I claimed a total of 14 days for between 2009 and 2010 and charged them a mileage rate for my wife dropping and collecting me from the station @ 40p per mile. I suggest you all do the same and remeber the law allows you to do this for upto 6 years. Do leave it, get your money back from South West Trains and soon they will have to start gritting the car parks.

Also do write to your MP about this to highlight the issue. I will post the FOI Request details as soon as i get it from the Office of Rail Regulator.

Lack of Google's 'Facetime' version on Android.


YES I know there are 3rd party software such as Tango and Fringe for front face camera video calling on Android, but what I really miss is the idiot proof implementation of Facetime on Apple.

It just works and even at low bandwidth. My mother in Kenya has just 256kb/s broadband and yet I can Facetime with her from the UK.

It is seemlessly intergrated into the phonebook and makes life so easy for any non-techie.

WHY can't Google do the same? It would help the Android market even more?

I have not seen this mentioned for Android 3.0 either but I hold hope fro Android 3.x/4.x.

IPAD2 Launch Day - USA


Its the launch day for the IPad2. Despite any short comings it will sell millions.

The UK launch is on the 25th of March and although I hate to say this, I will be buying one.

Although android may seem like the way to go, it is being let down by the hardware manufacturers.

Apple have got the form right and more important the price too.

If only other tablet manufacturers realised that they really need to undercut the Ipad2 price to have a chance.

However I for one want it for the Facetime and BBC iplayer app. I am sure my wife will find plently of reasons too, in addition to my little girl.

Are you going to buy one?

Thursday, 10 March 2011

Android...lack of Enterprise security.


I have been enjoying using Android on my phone since I hacked my Windows HTC HD2 to run Android 2.2.

Now on the Nexus S with 2.3.3, however I do really miss the security I got from Windows Mobile 6.5. Why can't Android still do full encryption of the device?

Also the ability to look after what I could and could not do on the device's hardware and software through Exchange was useful, including remote wipe.

I hope Android do catch up soon and develop for the Enterprise security market soon.

If it was not for the multitude of Apps within Android I would have gone back

Even the IPhone has been sent in for FIPS 140-2 evaluation for its Cryptography.

Come on Google you are better than this.

I hope.


Amazon.co.uk - i can have two account with the same email address but different passwords....


Recently i logged on to my Amazon.co.uk account and tried to look at my buying history only to find that i only had 3 months worth of history, rather than 6 years!

I first wrote to Amazon.co.uk who told me that i had two accounts, with the same email address but with different passwords. This was amazing to hear so i called them up and yes it was confirmed. They did reset both passwords i could get back to these accounts.

But WHO designs a portal where you can have such a credentials system? How can i have two accounts with the same email address but with different passwords? How does this happen?


Amazon's written asnwer to this is: "The reason for it creating a new account under the same email address could be that the option of being a new customer was/not having a password was chosen."


I am absolutely amazed, but if anybody from Amazon is reading this, probably they can confirm or deny.

INTRO....


Well i finally decided to jump on to the band wagon and start Blogging. Hopefully you will find this interesting and will comming back.

A bit about me: I am an Information Assurance Specialist in the UK and this blog should be more than just about Information Assurance issues.

I generally take interest in more than just Information Assurance, so this should be a lot more than just that.

I run my own IT consultancy company at www.saiconsult.co.uk and provide IA consultancy across the world.

IA is not just about IT Security but covers everything else such as Business Processes, Physical conditions, People and hence I look at the life cycle of information as a whole from its start to its destruction.

I am also an accredited CESG CLAS IA consultant.

Feel free to get in touch if you need any assistance or consultancy on this matter.