Monday 21 August 2023

Security Policy

 I spent a lot of time in the bank on Saturday. I had to go there in person to organise transferring the price of a house from one of my accounts to my solicitor. I was expecting it to be a slow process, but my nosiness and belligerence made it take nearly all day. While they were setting up the transfer I witnessed an information security incident. A bank laptop, which had already had the Windows password entered was left unattended with a customer (me). When it finished the (very slow) login process I had access to Microsoft Teams and email but not the banking system.

When I questioned the banker about what was going to happen I was unconvinced that they understood their ISO27001 process for reporting an information security incident, so I insisted that I would witness the incident report. It was boring, but it looks like they did take it seriously and they did follow their process correctly.

Richard "Karen" B

No comments:

Post a Comment