Monday, 19 October 2020

Privacy Management, Compliance and Information Security Management


As a current CCP, CIPM and CIPP/E and ex-CLAS consultant I have been dealing with compliance as well as technical security and information assurance for some 20 years.

As I have privacy management as well as Information Security experience, I present both aspects of Information Assurance (i.e. Ethical Hack Testing, Risk Assessment, remediation and architecture) together with Privacy Management on this site.


Privacy Management

Data Protection Officer and Privacy Consultancy

I have experience and qualifications in assessing the legal requirements for personal data protection, in privacy program management and in the jurisdictional requirements for cross-border personal data flow.

In simple terms this is what privacy management provides:-

1) An assurance of compliance against privacy litigation

2) Correct management of personal information

3) Strategies for the management of privacy processes to reduce the reputational damage from a breach

4) Strategies for the management of, and damage limitation from, a breach in the unfortunate circumstance of it actually happening.

I can do this in two ways:-

1) be your Data Protection Officer

2) be your Privacy Manager

In 2017-2018 I worked with the Cabinet Office Government Digital Service (GDS) privacy manager to ensure that all my projects were GDPR compliant.

I have studied with the International Association of Privacy Professionals and hold their Certified Information Privacy Professional/Europe (CIPP/E) and Certified Information Privacy Manager (CIPM) certifications, verifiable from this page.

I am an expert in European and British privacy law, having been examined on this body of knowledge, and in privacy program management, having been examined on this body of knowledge.

I am also an expert in Privacy Engineering, a superset of the Information Security controls with which I have worked for some 20 years, and hold the NCSC CCP and the ISC2 CISSP and CCSP certifications.


Information Assurance Management

HMG Information Assurance: CESG/Cyber Certified Professional (CCP) NCSC Certification

I have had the pleasure of having my skills and experience in Information Security over the last 20 years endorsed by the National Cyber Security Centre, through an assessment of examples of my work over the last 8 years, with the award of Certified Cyber Professional (CESG Certified Professional) as at 31st August 2020.

Here is a link to a full CV summarizing 27 years in Information Security.

These are the areas in which I work and have been certified:-

A1 - Information Security Governance

A2 - Policy & Standards 

A3 - Information Security Strategy

A4 - Innovation & Business Improvement

A5 - Information Security Awareness and Training

A6 - Legal & Regulatory Environment

A7 - Third Party Management

B1 - Risk Assessment

B2 - Risk Management

C1 - Security Architecture

C2 - Secure Development

D1 - Information Assurance Methodologies

D2 - Security Testing

E1 - Secure Operations Management

E2 - Secure Operations & Service Delivery

E3 - Vulnerability Assessment

F1- Incident Management

F2 - Investigation

F3 - Forensics

G1- Audit & Review

H1&2 – Business Continuity Management

I1 - Research



Tuesday, 25 October 2016

Cloud Security

Recent Work (Research) :-

CCSP Certified Cloud Security Professional (2017 )

Backed by the two leading not-for-profits focussed on information and cloud security, (ISC)² and the Cloud Security Alliance (CSA), the CCSP is the only vendor-neutral credential that confirms demonstrated competence and experience in securing cloud computing environments.

CLOUD SECURITY OPTIMISATION : Secure and optimize your organization's use of cloud computing infrastructure and services with a qualified professional who has demonstrated his cloud security competence.

1. Cloud Architecture  & Design 
2. Cloud Data Security

CLOUD SECURITY RISK MITIGATION STRATEGIES : Ensure your work teams stay current on evolving cloud technologies, threats and mitigation strategies by use of a CCSP (Certified Cloud Security Professional).

3. Cloud Platform & Infrastructure Security
4. Cloud Application Security

CLOUD SECURITY BUSINESS OPERATIONS AND ORGANISATIONAL INTEGRITY : Ensure your organization is applying the proper cloud security controls, not only internally but also with third parties, by reinforcing risk and legal requirements through cloud contracts and SLAs with cloud service providers, and in the eyes of clients and other stakeholders.

5. Operations

CLOUD SECURITY BEST PRACTICE : using the two leading stewards of information and cloud security knowledge – (ISC)² and CSA – your organization can be confident it reflects the most current required best practices.

6. Legal & Compliance

Other areas of expertise

Experience / Training

2017 CCSP ISC2
Cloud Security Business Domains :-
Cloud Security Risk Mitigation
Cloud Security Operations
Cloud Security Compliance

CCSP Technical Domains :-

1. Cloud Security Architectural & Design Requirements
2. Cloud Data Security
3. Cloud Platform & Infrastructure Security
4. Cloud Application Security
5. Cloud Security Operations
6. Cloud Security Legal & Compliance
Activities / Roles
2004-2015 CLAS
2016 IISP Associate Information Risk Practitioner
2008 ITPC Accreditor, by Waiver / CLAS
2006 ISO27001 Lead Auditor Cert, British Standards Institute
2005 CEH Certified Ethical Hacker, EC Council
2002-2016 - CISSP, (ISC)2
2002 CCSA (NG), Checkpoint
2000 CCSE 4.1, Checkpoint
2000 MCSE, Microsoft
1999 CCNA, Cisco
1998 MCP, Microsoft
1994 C.N.A, Novell
Penetration Testing
Cyber Security, SIEM 2.0 , GPG13 compliance delivered, Hands on design and Implementation
Security Architecture
CLAS Consultant (2004-2015)
Infosec Assurance & Support
Security Auditing & Reviews
Security Policy & Documentation
Risk Management Accreditation (RMADS)
Accreditor (2006-2010)
Infrastructure Security Design
Technical Design Assurance
Security Gateway Design and Security Assurance (MOD)
ISO27001 Compliance

CISSP Domains:-
Access Control
Communications Security
Risk Management and Business Continuity Planning
Policy, Standards, and Organization
Computer Architecture and System Security
Law, Investigation, and Ethics
Application Program Security
Cryptography, including design to Manual V IPSEC / PKI standard.
Computer Operations Security
Physical Security