Privacy Management, Compliance and Information Security Management

 

As a current  CCP,  CIPM and CIPP/E and ex CLAS consultant I have been dealing with compliance as well as technical security and information assurance for some 20 years. As I have privacy management as well as Information Security experience I present both aspects of Information Assurance (ie Ethical Hack Testing, Risk assessment remediation  architecture with Privacy management together on this site

 

Privacy Management Data Protection Officer and Privacy Consultancy  I have experience and qualifications in assessing the legal requirements for personal data protection, in privacy program management and the jurisdictional requirements for cross border personal data flow.  In simple terms this is what privacy management provides:- 1) An assurance of compliance against privacy litigation  2) Correct  management of personal information  3) Strategies for the management of privacy processes to reduce the reputational damage from a breach  4) Strategies for the management of and damage limitation from a breach in the unfortunate circumstances of it actually happening ..  I can do this in two ways  1) be your Data Protection Officer  2) be your Privacy Manager  In 2017-2018 I worked with the Cabinet Office Government Digital Service (GDS) privacy manager to ensure that all my projects were GDPR compliant   I have studied with the International Association of Privacy Professionals and hold their Certified Information Privacy Professional/ Europe (CIPP/E) and the Certified Information Privacy Manager (CIPM) certifications verifiable from this page  I am expert in European and British privacy law having been examined on this body of knowledge and in privacy program management on this body of knowledge  I am also expert in Privacy Engineering, a super-set of the Information Security controls with which I have worked for some 20 years and hold the NCSC CCP, and ISC2 CISSP and  CCSP  certifications.

Information Assurance Management  HMG Information Assurance : CESG/Cyber Certified Professional CCP NCSC Certification  I have had the pleasure of having my skills and experience in Information Security of the last 20 years endorsed by the National Cyber Security Centre through an assessment of examples of my work over the last 8 years with the award of Certified Cyber Professional (CESG Certified Professional) as at 31st August 2020.  Here is a link to a full CV summarizing 27 years in Information Security,  These are the areas in which I work and have been certified  :- A1 - Information Security Governance A2 - Policy & Standards  A3 - Information Security Strategy A4 - Innovation & Business Improvement A5 - Information Security Awareness and Training A6 - Legal & Regulatory Environment A7 - Third Party Management B1 - Risk Assessment B2 - Risk Management C1 - Security Architecture C2 - Secure Development D1 - Information Assurance Methodologies D2 - Security Testing E1 - Secure Operations Management E2 - Secure Operations & Service Delivery E3 - Vulnerability Assessment F1- Incident Management F2 - Investigation F3 - Forensics G1- Audit & Review H1&2 – Business Continuity Management I1 - Research

 

Cloud Security

Recent Work (Research) :-

Use of AWS for HMG Official 

Use of Openstack

Multi-Cloud Integration into a single Enterprise Architecture

Integration with Azure

Integration with Homomorphic encryption

Orchestration using Kubernetes @ Home Office 

Docker on VMWare @ Home Office 

CCSP Certified Cloud Security Professional (2017 )

Backed by the two leading not-for-profits focussed on information and cloud security, (ISC)² and the Cloud Security Alliance (CSA), the CCSP is the only vendor-neutral credential that confirms demonstrated competence and experience in securing cloud computing environments.

CLOUD SECURITY OPTIMISATION : Secure and optimize your organization’s use of cloud computing infrastructure and services with a qualified professional who has demonstrated his cloud security competence

1. Cloud Architecture  & Design 
2. Cloud Data Security

CLOUD SECURITY RISK MITIGATION STRATEGIES Ensure your work teams stay current on evolving cloud technologies, threats and mitigation strategies by use of a CCSP ( Certified Cloud Security Professional

3. Cloud Platform & Infrastructure Security
4. Cloud Application Security

CLOUD SECURITY BUSINESS OPERATIONS AND ORGANISATIONAL INTEGRITY : Ensure your organization is applying the proper cloud security controls not only internally but also with third parties by reinforcing risk and legal requirements through cloud contract and SLAs with cloud service providers and in the eyes of clients and other stakeholders

5. Operations

CLOUD SECURITY BEST PRACTICE : using the two leading stewards of information and cloud security knowledge – (ISC)² and CSA , your organization can be confident it reflects the most current required best practices.

6. Legal & Compliance

Other area of experise

Competencies	Experience / Training
2017 CCSP ISC2	Cloud Security Business Domains :- Cloud Security Risk Mitigation Cloud Security Operations Cloud Security Compliance CCSP Technical Domains :- 1. Cloud Security Architectural & Design Requirements 2. Cloud Data Security 3. Cloud Platform & Infrastructure Security 4. Cloud Application Security 5. Cloud Security Operations 6. Cloud Security Legal & Compliance
Qualifications	Activities / Roles
2004-2015 CLAS 2016 IISP Associate Information Risk Practitioner 2008 ITPC Accreditor, by Waiver / CLAS 2006 ISO27001 Lead Auditor Cert, British Standards Institute 2005 CEH Certified Ethical Hacker, EC Council 2002-2016 - CISSP, (ISC)2 2002 CCSA (NG), Checkpoint 2000 CCSE 4.1, Checkpoint 2000 MCSE, Microsoft 1999 CCNA, Cisco 1998 MCP, Microsoft 1994 C.N.A, Novell	Penetration Testing Cyber Security, SIEM 2.0 , GPG13 compliance delivered, Hands on design and Implementation Security Architecture CLAS Consultant ( 2004-2015 )        Infosec Assurance & Support Security Auditing & Reviews Security Policy & Documentation Risk Management Accreditation (RMADS) Accreditor ( 2006-2010) Infrastructure Security Design Technical Design Assurance Security Gateway Design and Security Assurance (MOD) ISO27001 Compliance
CISSP	CISSP Domains:- Access Control Communications Security Risk Management and Business Continuity Planning Policy, Standards, and Organization Computer Architecture and System Security Law, Investigation, and Ethics Application Program Security Cryptography, including design to Manual V IPSEC / PKI standard. Computer Operations Security Physical Security