3. What Do We Do?
Managing agent and support services to provide access to
funding, particularly government contracts including
Business
development and
bidding services
Removing Barriers
Capacity building consultancy
(data security, management
structure, marketing, business
strategy)
Partnership
brokering
Contract
management
4. Case Study - Integrate South East
Four local charities (ยฃ7.5m turnover, employment programmes expertise,
young people, mental health expertise, local expertise and network)
Opportunities
Special purpose vehicle โ honest broker
Community Interest Company (CIC) for the benefit of the South East
Asset lock โ no profit leaves the community, contract package area
Shares allow for ownership and investment
Each partner in SPV has ownership 25% of Integrate South East CIC
Shared horizon scanning, opportunity sharing
Shared back office services to create scale and efficiencies
Shared purchase of a hotel on Isle of Wight
Consortium to bid for local social services contracts
Collaborative solution design โ millennial veterans programme
5. Case Study - Mencap
ยฃ191m turnover, market leader
National strategy for Department for Work and Pensions
(DWP) contracts
Assessment of strengths for contract delivery
6. Case Study โ Silent Secret
November 2014 startup, social enterprise, social
network
Turnover ยฃ17,360 2014-15
Sourced ยฃ386,000 new income in 22 months
(ยฃ17,580 per month)
Won 2016 EIB European Social Innovation
Tournament in Slovenia (300+ entrants)
Selected for 2017 NHS mental health digital
innovators accelerator
Developed strategic partnership with Mind
7. Capacity Building โ Cybersecurity
Cyber and data security
Boring, technical but vital
Expensive to source expertise
Cybersecurity consultant day rate ยฃ540 UK
median, โIntro to the GDPR for VCSEโ ยฃ195-ยฃ495
This project intends to develop and share learning
and case studies โ recording todayโs session
8. How to be a digitally savvy organisation
Kevin McLoughlin
9. The aim of this presentation is to raise awareness of information &
cyber security and security implications regarding:
1.Personal Data
2.Sensitive Personal Data
3.Principle 7 (Data Protection Act 1998)
4.Organisational Data
5.Cyber Security
6.Protecting Against Cyber Threat
AIM
13. 1.Personal Data
Data which relate to a living individual who can be identified (name, address, D.O.B, National
Insurance etc.)
2.Sensitive Personal Data
Makes special reference to information defined as "sensitive personal data" which refers
specifically to information such as;
(a) the racial or ethnic origin of the data subject,
(b) his political opinions,
(c) his religious beliefs or other beliefs of a similar nature,
(d) whether he is a member of a trade union
(e) his physical or mental health or condition,
(f) his sexual life,
(g) the commission or alleged commission by him of any offence, or
(h) any proceedings for any offence committed or alleged to have been committed by him, the
disposal of such proceedings or the sentence of any court in such proceedings.
Definitions of Importance
14. Principle 7 (Data Protection Act 1998)
โAppropriate technical and organisational measures shall be taken
against unauthorised or unlawful processing of personal data and
against accidental loss or destruction of, or damage to, personal dataโ.
Definitions of Importance
16. Governance
The protection of the clients and corporate data is the foremost
concern, and we achieve this in a variety of ways;
1. UK Law
2. Business Obligations
3. Organisational Policy
4. Business Best Practice - Standards
20. 1. Training, Education, Awareness (How often / recorded)
2. Information Security Meetings (Organisational Commitment)
3. Policy / Procedure (Where, when last viewed updated) โ (How disseminated)
4. Audit / Accountability
5. Incident Reporting / Management / Response
Questions and Responses
21. 1. eLearning Package
2. Educational emails
3. Organisational Policy
4. Presentations
5. Posters
6. Screen Saver
7. Staff Handbook
8. Information Security Web Portal
9. Bulleting
10.News
11.Induction
Information Security Training
22. Often the weakest link in security is not technology, but the people who use it.
People let their guard down to attackers when they are tired or distracted by
work. Some feel intimidated. Others just make honest mistakes. It is a fact that
social engineering is often what allows attackers to steal the information they
desire. Firewalls, intrusion detection systems and antivirus software are just tools
to improve security. The biggest security risks to any company are its own
employees. Nearly all information security attacks originate from the inside.
The Weak Linkโฆ..!!!
33. Social Engineering
The art of manipulating people into performing actions or divulging
confidential information.
Typically trickery or deception for the purpose of information gathering,
fraud, or computer system access; in most cases the attacker never comes
face-to-face with the victims.