#plaincyber

This is the Tower of London. I was recently passing and took a snap, but pondered "why is it surrounded by so much security?"... Well, presumably because it contains the "crown jewels", somebody has assessed the risks and put in the appropriate controls to try and stop something bad happening. Too many times I hear and read about controls, buying this and that to stop this and that. But, not much time is spent on the thing you are trying to protect, the asset. And, where that asset is, who can (needs to) access it, why you need it, how long you need to keep it, and whether it moves around. I suspect with the new General Data Protection Regulation (GDPR) you are going to be forced to answer these questions. Even if you are not in the European Union (EU). The case for the Tower of London is relatively simple as it involves a physical asset, but when you are considering electronic information it is less simple to just know where it is. Consider one email wit...