
David Lilburn Watson


David Watson

Overview

David heads up the governance, risk, compliance, information assurance, management systems and forensics practice at Business Compliance and Recovery Management Ltd. He is responsible for the coordination and efficient delivery of these assignments.

David began his career with British Telecom and, prior to becoming an independent security consultant in 1989, was employed in the Computer Crime & Security Unit of the Investigation Department.

He has assisted a number of companies in achieving ISO 9000, ISO 27001, ISO 20000 and BS 25999 certification, as well as implementing appropriate business-driven security in a number of organizations.

He has carried out forensic investigations into almost 50 cases in the last three years, including fraud, theft, 419 fraud, IPR theft, auction fraud, paedophilia, corporate abuse, email investigations, data recovery, hacking, general corporate abuse and other criminal and civil issues.

He is a Certified Information Security Systems Professional (CISSP), a Certified Information Systems Manager (CISM), a Certified Information Systems Auditor (CISA) and a Certified Fraud Examiner (CFE). In addition to specialised security certifications, he is a Certified Information Forensic Investigator (CIFI), a Certified Computer Crime Investigator (CCCI), and an Advanced Certified Computer Forensics Technician (CCFT).

David has led Business Compliance and Recovery Management Ltd to ISO 27001, BS 25999 and ISO 9001 certification, making it one of very few consultancies to hold such important credentials in the field of information assurance and forensic services.

Business Sectors

David has worked in the following industry sectors:

  • Banking (Retail, Wholesale, Investment, Clearing);
  • PetroChemical;
  • Professional Services Organisations;
  • Insurance;
  • Government;
  • Pensions;
  • Identity Management;
  • Legal;
  • Police Forces;
  • IT Companies
  • Publishing;

Key Skills

  • Auditing (Mainframe, Mini, and PC / Servers as well as Certification Body Auditing);
  • Baselining systems to security policy;
  • BS 7799 (now ISO 27001), ISO 9001 and BS 15000 (ITIL, now ISO 20000) Implementation and Auditing;
  • Creating Security Policies, Standards, Procedures and Processes;
  • Compliance auditing to SOx, GLB, HIPAA, SAS 70, PCI DSS, FSA requirements including CP142;
  • Data Protection Act 1998 Compliance and Consultancy;
  • Disaster Recovery, Business Continuity & Contingency Planning including BS 25999 (latterly PAS 56);
  • Due Diligence and Audit;
  • Expert witness;
  • Forensic Computing and evidence recovery;
  • Government Security (JSP 440 and MPS) including InfoSec Guides and RMADS creation
  • Information Governance (COSO, CobIT, ITIL and ISO 27000)
  • Mainframe Security and Access Control;
  • Network Security (Mainframes, UNIX, Windows, Linux and the Internet)
  • Networking (TCP/IP, LANs, WANs & Interconnectivity)
  • Outsourcing security issues including SLAs and performance
  • Project Management (PRINCE 2, PMI)
  • Risk Assessment, Management and Treatment (including ISO 31000, BS 31100, AS4360, ISO 13335, BS 7799/3, Octave, Mehari, HMG)
  • Security (Computer & Physical)
  • Security Architectures and implementation
  • Training and development of training courses

Qualifications

Fellowships and Memberships

  • Fellow, British Computer Society (FBCS);
  • Fellow, Institute of Analysts and Programmers (FIAP);
  • Fellow, Institute of Information Systems Management (FIMIS);
  • Fellow, Royal Society of Arts (FRSA);
  • Fellow, Institute of Management Consultants (FIMC);
  • Fellow, Institute of Communications, Arbitration and Forensics (FICAF);
  • Member, Business Continuity Institute (MBCI);
  • Member, Chartered Institute of Arbitrators (MCIArb);
  • Member, International Institute of Risk and Safety Management (MIIRSM);
  • Associate Member, Emergency Planning Society (AMEPS);
  • Associate Member, Institute of Fire Prevention Managers (AMIFPM);
  • Associate Member, Institute of Fire Safety Managers (AIFSM);
  • Associate Member, International Institute of Security Professionals.

Certifications from Professional Bodies

  • Certified Computer Crime Investigator (CCCI);
  • Certified Computer Forensics Technician - Advanced (CCFT);
  • Certified Fraud Examiner (CFE);
  • Certified Information Forensics Investigator (CIFI);
  • Certified Information Security Manager (CISM);
  • Certified Information System Security Professional (CISSP);
  • Certified Information Systems Auditor (CISA);
  • Certified Listed Advisor Scheme (CLAS);
  • Certified Management Consultant (CMC);
  • Certified Software Manager (CSM);
  • Chartered Fellow (BCS - UK);
  • Chartered Information Systems Practitioner (BCS - UK)
  • Chartered IT Professional (BCS - UK)
  • International Systems Security Professional Certification Scheme, System Security Practitioner.

Post Graduate

  • MSc - Distributed Computer Networks (University of Greenwich);
  • MSc - IT Security (University of Westminster) - Distinction;
  • PhD - Open Source Intelligence and the CNI.

Other

  • Accredited Expert Witness (CUBS);
  • Certificate in Data Protection (1998 Act) (ISEB);
  • Certificate in Information Security Principles (ISEB);
  • Certificate in Software Management;
  • Diploma in Safety Management (BSC);
  • BCS Consultancy Register;
  • BCS Register of Expert Witnesses;
  • BCS Register of Security Practitioners;
  • Council for Registration of Forensics Practitioners (Assessor);
  • Law Society Checked Scheme (Expert Witnesses);
  • UK Register of Expert Witnesses.