Author Archives: Steve Maddison

Director and Principal Consultant

How to manage Building Information Modelling (BIM) implementation – Part 2 of 2

In our first article on Building Information Modelling (BIM), we looked at what BIM is and the types of data at risk in building projects. We discussed the threat to digital information and why cyber security needs to be an integral part of construction and refurbishment projects.

In part two we look at the process itself – how to manage BIM implementation and why managing the risks to building information doesn’t stop at the end of the build.

An introduction to Building Information Modelling (BIM) – Part 1 of 2

If you run your own construction business or manage large building projects, you will know about the many professions and trades that need to come together to contribute to a modern building or refurbishment. But do information risk and cyber security come into your thinking? If not, they should.

Such projects require detailed information to be transferred between partners such as designers and architects at the planning stage, followed by the construction teams. A variety of software tools are available to support this process, such as 3D modelling packages, CAD software and project management tools.

All of this generates large volumes of data that must be accurate and must get to the right people on time. What’s more, it has to be safe from threats – and remain that way.

The UK Cyber Security Strategy 2016-2021 – A New Sheriff in Town?

On 1st November 2016, the Chancellor of the Exchequer launched the latest UK Cyber Security Strategy. In a year that has seen rising international tensions around hacking, Philip Hammond commented that hostile “foreign actors” were developing techniques that threaten the country’s electrical grid and airports.

The £1.9bn new strategy will also help enlarge specialist police units that tackle organised online gangs – and contribute towards the education and training of cyber security experts. The programme is funded until the end of 2020.

Supply Chain Cyber Security – defeating the weakest link (Part 2)

In the first part of this blog we created a scenario showing just how easy it is to cause a cyber security breach. ‘Brian’ was a contractor with access to the server room. In moments he’d been able to gain access and steal his client’s intellectual property – all without trace. There was a weak link in their supply chain cyber security which he’d had no trouble exploiting.

In Part 2 we introduce a four-step supply chain cyber security process – and provide links to guidance on supply chain risks and methodologies for assessing an organisation’s security. We also discuss how far down the supply chain you need to manage.

Supply Chain Cyber Security – defeating the weakest link (Part 1)

It’s an everyday story but it could happen in your business – right under your nose and far more easily than you could have imagined. Who’d have thought that a contractor would cost millions in lost revenue and nearly bring the business to its knees? But that’s what a weak link in your supply chain cyber security can do.

Picture the scene… Brian parks in the street around the corner from work and walks down the side of his company building. The back door, propped half open by the fire extinguisher, makes entry a breeze. He takes off his balaclava and walks down the corridor to the server room. Brian provides IT support to this and other local companies and, as IT system administrator, he has the keys to the server room door…

“In cyber security there is no front line” – An update to the Cyber Security Model

For suppliers to the MOD, change is coming. The planned roll out of CSM in August of 2016 has been delayed. We are now expecting the Cyber Security Model (CSM) to be rolled out to large suppliers from January 2017 – with a full launch by April. FATS (a commercial MOD framework) will also go live in April and it is expected to include the contractual aspects of CSM.

To be compliant with the requirements of the CSM, the MOD supply chain will need Cyber Essentials or Cyber Essentials Plus and will need to have information security governance policies in place.

Ascentor strongly recommend that defence industry companies prepare for CSM by gaining certification to Cyber Essentials in advance – so they are ready to respond to the new contract requirements. In our experience, the larger the business, the more complex and time-consuming the process. Don’t delay and put future contracts at risk.

For assistance on any aspect of CSM or Cyber Essentials, please contact Dave James at Ascentor.

The following article will tell you more about the CSM…


In August 2015 Ascentor first highlighted the proposals from the MOD to manage the risk to its information from supply chain companies by introducing the Cyber Security Model (CSM). The CSM is a methodology to assess the cyber risk for individual contracts which then mandates that suppliers meet a consistent standard of cyber security.

To update our coverage of CSM, we look at recent developments ahead of the planned roll out, now expected at the end of July 2016.

Preparing for the NIS Directive – a new cyber security baseline for Europe

In December of 2015, European Union (EU) lawmakers reached a draft agreement on new cyber security regulations after nearly two years of negotiations. The Network and Information Security (NIS) Directive will increase co-operation between member states and lay down cyber security obligations for operators of Essential Services and Digital Service Providers (DSPs).

The NIS Directive will require qualifying organisations to implement appropriate security measures to protect their networks and data against cyber security incidents and to report serious breaches to regulators. It will certainly affect companies in the UK, barring an EU exit in the summer referendum.

The Cyber Security Model for the Defence Industries – why it matters and how to be ready

It has been trailed for some time that the Ministry of Defence (MOD) will soon have a new mechanism to manage supply chain cyber security for the defence industries. Similar to other schemes, the MOD is introducing the Cyber Security Model (CSM).

Six Steps to Manage the BYOD Information Risk

The world of technology is moving fast. In this era of consumerisation, BYOD (Bring Your Own Device) is here and it is here to stay. The rapid expansion of workers using their own laptops, smart phones and tablets for work purposes is not a fad. People are becoming more and more attached to their own individual devices.

This can be good news for businesses but those embracing BYOD must do so with their eyes open and not take undue risk with their own information or that of their partners and customers.

To BYOD or not to BYOD, you might ask? Do the risks outweigh the benefits?

Cyber Security for Government Suppliers: New IA Frameworks and Standards Are On the Way

Business organisations, including the Institute of Directors (IoD) and the Federation of Small Businesses (FSB), are warning that firms need to actively manage their information risk in order to avoid the growing threat of cyber crime. For any business that is handling government information, there are important steps that must be taken — as well as the prospect of new guidelines this Autumn.

Is your firm in the HMG supply chain?

If your company supplies goods and services directly to the government (HMG) then you are undoubtedly already aware of the growing importance of protecting government information in the face of increasing risks. Your company, or parts of it, may be authorised to hold Protectively Marked client information. So you will know all about the need to demonstrate compliance with HMG Information Assurance (IA) standards and the need for an effective regime for managing information risk.

But what about the other companies that supply HMG organisations — either directly or indirectly — and who hold their client’s data? Many firms are a part of the government supply chain even if they are not long-standing HMG suppliers. If you are handling HMG information and don’t know what HMG IA standards are, or are not sure whether they apply to you or not, then this blog is for you.
