Author Archives: Steve Maddison

Director and Principal Consultant

BIM, Security and the Building Lifecycle

Building Information Modelling, London skyline

 

 

 

 

 

 

 

 

 

In our previous articles on Building Information Modelling (BIM) we have explained how information security should be part of implementing BIM for construction projects.

In this latest article we look at how the risks to information on construction and refurbishment projects change over the course of the building lifecycle, and what measures can be put in place to manage those risks. Continue reading “BIM, Security and the Building Lifecycle” »

avatar

Steve Maddison

Director and Principal Consultant

More Posts

Share

How to manage Building Information Modelling (BIM) implementation – Part 2 of 2

Building Information Management (BIM) image

 

 

 

 

 

 

 

 

In our first article on Building Information Modelling (BIM), we looked at what BIM is and the types of data at risk in building projects. We discussed the threat to digital information and why cyber security needs to be an integral part of construction and refurbishment projects.

In part two we look at the process itself – how to manage BIM implementation and why managing the risks to building information doesn’t stop at the end of the build. Continue reading “How to manage Building Information Modelling (BIM) implementation – Part 2 of 2” »

avatar

Steve Maddison

Director and Principal Consultant

More Posts

Share

An introduction to Building Information Modelling (BIM) – Part 1 of 2

Building Information Modelling

 

 

 

 

 

 

 

 

If you run your own construction business or manage large building projects, you will know about the many professions and trades that need to come together to contribute to a modern building or refurbishment. But does information risk and cyber security come into your thinking? If not, it should.

Such projects require detailed information to be transferred between partners such as designers and architects at the planning stage, followed by the construction teams.  A variety of software tools are available to support this process such as 3D modelling packages, CAD software and project management tools.

All of this generates large volumes of data that must be accurate and which has to get to the right people on time. What’s more, it has to be safe from threats – and remain that way. Continue reading “An introduction to Building Information Modelling (BIM) – Part 1 of 2” »

avatar

Steve Maddison

Director and Principal Consultant

More Posts

Share

The UK Cyber Security Strategy 2016-2021 – A New Sheriff in Town?

UK cyber security strategy 2016

 

 

 

 

 

 

 

 

On 1st November 2016, the Chancellor of the Exchequer launched the latest UK Cyber Security Strategy. In a year that has seen rising international tensions around hacking, Philip Hammond commented that hostile “foreign actors” were developing techniques that threaten the country’s electrical grid and airports.

The £1.9bn new strategy will also help enlarge specialist police units that tackle organised online gangs – and contribute towards the education and training of cyber security experts. The programme is funded until the end of 2020. Continue reading “The UK Cyber Security Strategy 2016-2021 – A New Sheriff in Town?” »

avatar

Steve Maddison

Director and Principal Consultant

More Posts

Share

Supply Chain Cyber Security – defeating the weakest link (Part 2)

Cyber chain 2

 

 

 

 

 

 

 

 

In the first part of this blog we created a scenario of just how easy it is to cause a cyber security breach. ‘Brian’ was a contractor with access to the server room. In moments he’d been able to gain access and steal his client’s intellectual property – all without trace. There was a weak link in their supply chain cyber security which he’d found no trouble to exploit.

In Part 2 we introduce a 4 step supply chain cyber security process – and provide links to guidance on supply chain risks and methodologies for assessing an organisation’s security. We also discuss how far down the supply chain you need to manage. Continue reading “Supply Chain Cyber Security – defeating the weakest link (Part 2)” »

avatar

Steve Maddison

Director and Principal Consultant

More Posts

Share

Supply Chain Cyber Security – defeating the weakest link (Part 1)

Cyber chain 2

 

 

 

 

 

 

 

 

It’s an everyday story but it could happen in your business – right under your nose and far more easily than you could have imagined. Who’d have thought that a contractor would cost millions in lost revenue and nearly bring the business to its knees? But that’s what a weak link in your supply chain cyber security can do.

Picture the scene… Brian parks in the street around the corner from work and walks down the side of his company building. The back door, propped half open by the fire extinguisher, makes entry a breeze. He takes off his balaclava and walks down the corridor to the server room. Brian provides IT support to this and other local companies and, as IT system administrator, he has the keys to the server room door… Continue reading “Supply Chain Cyber Security – defeating the weakest link (Part 1)” »

avatar

Steve Maddison

Director and Principal Consultant

More Posts

Share

“In cyber security there is no front line” – An update to the Cyber Security Model

Trench image

 

 

 

 

 

 

 

For suppliers to the MOD, change is coming. The planned roll out of CSM in August of 2016 has been delayed. We are now expecting the Cyber Security Model (CSM) to be rolled out to large suppliers from January 2017 – with a full launch by April. FATS (a commercial MOD framework) will also go live in April and it is expected to include the contractual aspects of CSM.

To be compliant with the requirements of the CSM, the MOD supply chain will need Cyber Essentials or Cyber Essentials Plus and have information security governance policies in place. 

Ascentor strongly recommend that defence industry companies prepare for CSM by gaining certification to Cyber Essentials in advance – so they are ready to respond to the new contract requirements. In our experience, the larger the business, the more complex and time consuming the process. Don’t delay and put future contracts at risk.

For assistance on any aspect of CSM or Cyber Essentials, please contact Dave James at Ascentor [email protected]

The following article will tell you more about the CSM…


In August 2015 Ascentor first highlighted the proposals from the MOD to manage the risk to its information from supply chain companies by introducing the Cyber Security Model (CSM). The CSM is a methodology to assess the cyber risk for individual contracts which then mandates that suppliers meet a consistent standard of cyber security.

To update our coverage of CSM, we look at recent developments ahead of the planned roll out, now expected at the end of July 2016. Continue reading ““In cyber security there is no front line” – An update to the Cyber Security Model” »

avatar

Steve Maddison

Director and Principal Consultant

More Posts

Share

Preparing for the NIS Directive – a new cyber security baseline for Europe

New EU Cyber Security Regulations

 

 

 

 

 

 

 

 

In December of 2015, European Union (EU) law makers reached a draft agreement on new cyber security regulations after nearly two years of negotiations. The Network and Information Security (NIS) Directive will increase co-operation between member states and lay down cyber security obligations for operators of Essential Services and Digital Service Providers (DSPs).

The NIS Directive will require qualifying organisations to implement appropriate security measures to protect their networks and data against cyber security incidents and to report serious breaches to regulators. It will certainly affect companies in the UK, barring an EU exit in the summer referendum. Continue reading “Preparing for the NIS Directive – a new cyber security baseline for Europe” »

avatar

Steve Maddison

Director and Principal Consultant

More Posts

Share

The Cyber Security Model for the Defence Industries – why it matters and how to be ready

Government Security

 

 

 

 

 

 

 

 

For suppliers to the MOD, change is coming. The planned roll out of CSM in August of 2016 has been delayed. We are now expecting the Cyber Security Model (CSM) to be rolled out to large suppliers from January 2017 – with a full launch by April. FATS (a commercial MOD framework) will also go live in April and it is expected to include the contractual aspects of CSM.

To be compliant with the requirements of the CSM, the MOD supply chain will need Cyber Essentials or Cyber Essentials Plus and have information security governance policies in place. 

Ascentor strongly recommend that defence industry companies prepare for CSM by gaining certification to Cyber Essentials in advance – so they are ready to respond to the new contract requirements. In our experience, the larger the business, the more complex and time consuming the process. Don’t delay and put future contracts at risk.

For assistance on any aspect of CSM or Cyber Essentials, please contact Dave James at Ascentor [email protected]

The following article will tell you more about the CSM…


It has been trailed for some time that the Ministry of Defence (MOD) will soon have a new mechanism to manage supply chain cyber security for the defence industries. Similar to other schemes, the MOD is introducing the Cyber Security Model (CSM). Continue reading “The Cyber Security Model for the Defence Industries – why it matters and how to be ready” »

avatar

Steve Maddison

Director and Principal Consultant

More Posts

Share

Six Steps to Manage the BYOD Information Risk

BYOD and information securityThe world of technology is moving fast. In this era of consumerisation, BYOD (Bring Your Own Device) is here and it is here to stay. The rapid expansion of workers using their own laptops, smart phones and tablets for work purposes is not a fad. People are becoming more and more attached to their own individual devices.

This can be good news for businesses but those embracing BYOD must do so with their eyes open and not take undue risk with their own information or that of their partners and customers.

To BYOD or not to BYOD, you might ask? Do the risks outweigh the benefits? Continue reading “Six Steps to Manage the BYOD Information Risk” »

avatar

Steve Maddison

Director and Principal Consultant

More Posts

Share

Latest Insights

Recent Comments

    • Barry Harvey: It is perhaps surprising to hear that a generation we think of as being tech savvy is anything but....
    • David Conway: I can imagine that, even at this stage, many businesses will still be blissfully unaware of this...
    • Sonja Jefferson: Are you going to be offering that training for ‘normal, non-techie people that now have...
    • Dave James: @Colin Robbins: Yes, Its really illumintaing isnt’t it. Provides a bit of context to the recent...
    • Colin Robbins: Very interesting report. I find it staggering that 26% of companies had not briefed their boards on...
  •