About Brian Pennington

Helping businesses to use cybersecurity to achieve better business outcomes and to comply with a range of Governance, Risk and Compliance standards.

Brian Pennington has been involved in the IT industry for almost four decades, initially as an analyst and systems engineer and then Sales and Marketing.

For the last 29 years, he has been focusing on Cybersecurity (although it used to be Infosec) first with his own VAR that won UK Network Reseller of the Year in 1997 for a Secure Remote Access Solutions. Post VAR he has been a Security lead for the UK’s largest Outsourcer, one of the world’s largest Systems Integrator, the world’s largest dedicated Cybersecurity Audit and Assessment firms and one of the world’s largest Test, Inspection and Certification companies.

All views expressed are mine and may not be those of my employer, past or present.

Rate this:

6 responses to “About Brian Pennington”

xx

17/12/2017

Thursday 20 July 2017
ShareShareShare
Sutton Council apologises for data breach
File with names of benefits recipients was mistakenly published on website
The London Borough of Sutton has admitted that it mistakenly published the names of a group of people receiving benefits on its website.

Mistakes abstract – pencil over wordThe council has publicly apologised for the data breach and said it has begun to cooperation with the Information Commissioner’s Office (ICO) on an investigation.

A report in the Sutton Guardian says the London borough’s breach involved the inadvertent publication of monthly files listing people who receive payments of more than £500 for disability, adoption, fostering, day care respite and special needs on the council’s website. Hundreds of people were named in the files along with the amounts they receive.

The data was inadvertently posted in early June and again on a fresh spreadsheet last week. It was discovered on Monday 17 July, following which the files were quickly removed and the names and payments redacted before reposting.

Council statement
Sutton issued a statement on the incident that said: “Sutton Council was made aware of a potential data breach involving the inadvertent publication of the names of individuals in receipt of payments from the council. No other personal information has been released.

“We immediately removed the data in question upon discovering this breach. As part of our agreed internal policies we are carrying out an investigation and are in contact with the ICO. We will of course do everything we can to help the ICO should they wish to make further enquiries.

“We are sorry this has happened and want to reassure residents we take matters such as these seriously. We are reviewing our processes to take all steps necessary to avoid any instance such as this happening again.”

The revelation comes shortly after Newcastle City Council’s apology for a mistake in which it attached a spreadsheet with details of adoptive families to an emailing.

LikeLike

Reply
Brian

31/01/2014

Really appreciate you sharing all of those great resources for PCI! Are you familiar with any of these webinars? ~ http://www.blackstratus.com/resources/webcasts-and-podcasts/ Some good ones in there, would love your take on the talk from Tracy Hulver.

Thanks!

LikeLike

Reply
Neil Morgan

19/08/2013

Brian can you please contact me on neil.morgan@citadeldss.com best regards Neil

LikeLike

Reply
Cordny Nederkoorn

09/10/2012

Great read on PCIDSS and privacy legislation.
Keep up the good work Brian.

LikeLike

Reply
Martin Dixon

03/10/2011

Brian can you caontact me on martin.dixon@nccgroup.co.uk. Kind regards, MD

LikeLike

Reply
Viral Vora

12/09/2011

Hi
very good read.

LikeLike

Reply