Who Needs ISO 27001 Foundation Training?

ISO 27001 training isn’t just for auditors or security consultants. Indeed, many roles need baseline knowledge of the Standard. If you help to protect information, support audits or manage suppliers, you will benefit. Foundation training teaches you the structure of an ISMS (information security management system), the core requirements in ISO/IEC 27001:2022 and what the Annex A controls cover in practice. It’s short, accessible and accredited, you can study in person or online, and there’s an exam and a recognised certificate on completion.

The post Who Needs ISO 27001 Foundation Training? appeared first on IT Governance Blog.

October 1, 2025

Human Error and Accidental Data Breaches: Lessons from Recent Cases

According to Verizon’s 2025 DBIR (Data Breach Investigations Report), some 60% of data breaches now involve “the human element” – in other words, errors and non-malicious activity. Failing to use the bcc function when emailing groups of people, accidentally emailing spreadsheets full of unencrypted personal data to entire mailing lists without checking, mistakenly misconfiguring an AWS bucket… each of these simple errors can expose personal information and damage reputations. Recent years have seen several large-scale incidents where accidental disclosure has had significant consequences. These examples show how even organisations with extensive resources and responsibilities can fall victim to basic human

The post Human Error and Accidental Data Breaches: Lessons from Recent Cases appeared first on IT Governance Blog.

October 1, 2025

How to Become a DPO (Data Protection Officer) in the UK

Are you thinking about becoming a DPO (data protection officer)? You’re not alone. It’s one of the fastest-growing privacy roles in the UK. For many organisations, appointing a DPO is a legal obligation under the UK GDPR (General Data Protection Regulation). For others, voluntarily appointing a DPO enables them to demonstrate accountability and manage the growing complexity of privacy regulation. For mid-career professionals, the DPO role represents an attractive career move. It draws on compliance, risk management, IT, and legal expertise, but positions the individual as an independent voice reporting directly to senior management. Salaries are competitive, the role is

The post How to Become a DPO (Data Protection Officer) in the UK appeared first on IT Governance Blog.

September 29, 2025

Digital Threat Modeling Under Authoritarianism

Today’s world requires us to make complex and nuanced decisions about our digital security. Evaluating when to use a secure messaging app like Signal or WhatsApp, which passwords to store on your smartphone, or what to share on social media requires us to assess risks and make judgments accordingly. Arriving at any conclusion is an exercise in threat modeling.

In security, threat modeling is the process of determining what security measures make sense in your particular situation. It’s a way to think about potential risks, possible defenses, and the costs of both. It’s how experts avoid being distracted by irrelevant risks or overburdened by undue costs…

September 26, 2025