If your business is a house, with all that you hold precious contained inside it, then a vulnerability assessment is the regular checking of doors and windows to ensure..
What constitutes a cyber-mature organisation? Here’s a clue: it has nothing to do with size or age, sector or niche specialism, whether it is online or has a physical..
It’s easy to see why many people think cyber security is a mysterious Dark Art. After all, it has a language of its own, full of acronyms, jargon and..
PCI DSS compliance is like car maintenance; to ensure your vehicle remains roadworthy throughout the year you need to practise an ongoing programme of routine repairs, regular servicing and..
Sherlock Holmes could identify the state of mind, occupation and personal history of those he met by observing miniscule detail, drawing insight into crimes from information overlooked by others...
By Katie McMillan – Senior Information Security Consultant “Life is more fun when you treat its challenges in creative ways” – Bill Gates There is nothing more frustrating..
A breach at any time of the year is bad for business. But with the highest volume of sales – both retail and online – occurring between Black Friday..
We are sometimes asked the question, why get ISO27001 certification? The answer is that the ISO standard, and ISO 27001 compliance in particular, demonstrates that your organisation takes information..
By Tom Fairfax, Managing Director If you were asked to sell your soul to a stranger…. what price would you ask? The ancient Egyptians believed that a person’s soul had..
One of the most significant elements of the current cyber threat landscape is the amount of time it takes to actually detect and contain a breach. In a study..
In 2017 the Independent Schools’ Bursars Association (ISBA), which supports over 1,000 senior management staff in schools, stated that cyberattacks in schools can no longer be considered ‘isolated incidents’...
This article first appeared in the Q3 edition of Casino & Gaming International (CGi ) and appears here with their kind permission. As the implications of the General Data..
If recent well-documented breaches tell us anything it is that even organisations with large budgets and skilled cyber security teams can miss something. In spite of their best efforts,..
There is a worrying trend in the world of cyber safety. Many companies believe that cyber insurance will protect against any damage associated with a breach. It is vital..
By Paul Brennecker, Principal Security Consultant and Lead QSA Paul Brennecker gave a presentation at PCI London on 5th July 2018 and this article first appeared in that event’s..
If history teaches us one thing it is that there is no going back. It started with the First Industrial Revolution which used water and steam power to mechanise..
While many schools are concerned about the advent of the General Data Protection Regulation (GDPR) and what it means for the collection and holding of data, permissions and consent,..
As organisations endeavour to be as proactive as possible to protect themselves from a cyber attack or security incident, do you have access to the correct Incident Response expertise..
A recent investigation by the Information Commissioner’s Office (ICO) highlights an interesting aspect of the current system. Although the ruling against Yahoo! was announced on 12th June 2018, three..
There is a curious irony that the enactment of the General Data Protection Regulation (GDPR), drawn up to protect the rights of individuals and their right to online privacy,..
In a recent report, the Philippine government’s Department of Information and Communications Technology (created in 2016) outlined a scale of cyber resilience based on an A to E grading..
eDisclosure (sometimes known as eDiscovery) is a complex process. With automated tools available some opt to manage these in-house but, unless highly skilled and experienced personnel are involved in..
by Tom Fairfax, Managing Director It is not often that EU-wide legislation is likened to a children’s story. Consider, however, the story of Goldilocks and the three bears. When..
For a long time the General Data Protection Regulation has been looming on the horizon but in just a few short days it will arrive; a permanent aspect of..
Register for the free SRM Incident Response and Forensic Expertise webinar here. As organisations endeavour to be as proactive as possible to protect themselves from a cyber attack or..
To be truly resilient against potential attacks, it is not enough to simply look at patching the last one, but to anticipate the next. When commenting on the news..
The news has been full of concerns that foreign powers are using state-sponsored hacking as a means to undermine the infrastructure of foreign powers. While it is irresponsible to..
The problem with cyber resilience is in the name. When it comes to managing the risk posed by potential hackers and the requirement for robust testing and defence protocols,..
The recent April 2018 Trustwave Global Security Report reveals new global trends in the world of cyber hacking; most notably a move away from smaller high volume point-of-sale (POS)..
More than 40 organisations, including McMillan Cancer, the NSPCC, the RNLI and the Church of England, have introduced technology which means that donations can be made with a quick..
SRM is hosting a free eDisclosure webinar on Wednesday 18th April at 3pm. We find ourselves in an ever changing eDisclosure landscape. Join us for our upcoming webinar during..
We already know that the concept of thinking like a potential hacker is the basis of penetration testing. But merely thinking like a hacker is not enough. We must..
The world of higher education is about to be turned on its head. This is due to the imminent enactment of the General Data Protection Regulation (GDPR) which will..
Discussions with clients in recent months have revealed that there is some confusion over the General Data Protection Regulation (GDPR) and the new UK Data Protection Bill (DPB) which..
The law regarding personal data will change on 25th May 2018 when the EU General Data Protection Regulation (GDPR) comes into effect. Replacing the UK Data Protection Act 1998,..
May 2018 is a big month for cyber security. Not only will the EU General Data Protection Regulation (GDPR) come into effect but a new UK Data Protection Act..
15:00 – 15:45 Thursday 8th March 2018 Have you tested to check your GDPR compliance? A key aspect of GDPR compliance is demonstrating that your systems are secure. Penetration..
As with any statistical report, the numbers in the Department for Digital, Culture, Media and Sport’s Cyber Security Breaches Survey 2018 provide a dizzying variety of analytical options. However,..
This week’s report that more than 5,000 websites, including that of the Information Commissioner’s Office (ICO) have been hacked, shows that it really can happen to anyone. Other affected..
GDPR compliance: key issues facing law firms Only 25 per cent of law firms consider themselves to be compliant with the forthcoming EU General Data Protection Regulation (GDPR) which..
SRM is at the PCI London event in London on 25th January, presenting on The Synergy Between Automated and Manual Penetration Testing. How a responsive Test and Exercise strategy..
The 25th May 2018 is not an end date. Far from it. It marks the beginning of a new era in data protection but one that will continue to..
It is one thing knowing that the General Data Protection Regulation (GDPR) is coming and that compliance is mandatory from 25th May 2018. It is quite another to know exactly..
In a recent interview with SC Media, Amazon Web Services (AWS) Chief Information Security Officer (CISO) Stephen Schmidt explains how his organisation is set up for full General Data..
(left to right: Mark Nordstrom (SRM), Jane Gibson, James Hopper (SRM), Toby Gibson, Tom Fairfax (SRM), Alan Batey (SRM) (Press release 11/01/18) Leading North East litigation practice Gibson &..
The global eDisclosure market is forecast to rise from $6,000 million in 2016 to $13,000 million by 2023. Law firms across the world are therefore increasingly looking to develop..
Disproving the idea that there is no such thing as bad publicity, the shipping company Clarksons is doing its level best to limit the PR damage caused by a..
By Gerard Thompson, Information Security Consultant With over 3,500 MPs, lords and staff, being a computer security administrator in the Houses of Parliament must be a stressful job. They..
PWC’s 25th Annual Law Firms Survey found that 73 per cent of respondents had suffered a security incident in 2016. These ranged from insider threats to the phishing of..
Research by the data science and marketing services company Profusion has revealed that UK businesses are falling behind their European counterparts. The report highlights the lack of Chief Data..
SRM’s GDPR specialist Melanie Taylor explains some of the challenges faced by women trying to get into the world of IT ‘I don’t understand why a woman with a..
When the General Data Protection Regulation (GDPR) comes into effect in May next year it will not require organisations to notify the ICO about what data they hold or..
by Alan Batey Information Security Consultant and Forensic Investigator In today’s world, evidence in legal cases is sourced from the vast quantities of Electronically Stored Information (ESI) that exists..
As our world gets increasingly complex we must choose the levers we use to influence it with care. One way to look at this is through the lens of..
Delegates at the PCI SSC Europe Community Meeting in Barcelona this week will have a lot on their minds. Changes to compliance, the security of customer payment card data,..
By Andrew Linn, Principal Consultant The news this year has been full of high profile hacks on large organisations. These have included viral and ransomware attacks which have brought..
For many years the terms eDiscovery and eDisclosure have been used interchangeably. The general rule was that eDiscovery was a US term while eDisclosure was more commonly used in..
Security Risk Management is offering a free day’s consultancy in support of National Cyber Security Awareness Month. October may, for many, be associated with the ghouls and ghosts of..
James Hopper and Paul Brennecker of SRM will be attending the Europe Community Meeting in Barcelona 24th – 26th October. Organised by the Payment Card Industry Security Standards Council..
Barrister fined by ICO for data protection breach A recent ruling by the Information Commissioner’s Office highlights the responsibility of professionals to safeguard client data held on their home..
Why board level commitment is a vital part of cyber defence It is difficult to defend against an attacker who only needs to succeed once. Security systems might defend..
The new UK Data Protection Bill, published today, will come into force next May. As part of the multi-million pound National Cyber Security Strategy, the new legislation will effectively..
Cyberattacks do not recognise national boundaries, as the latest breach concerning the US credit rating firm Equifax proves. So although the company has now reported the breach of 143..
University Chief Information Security Officers (CISOs) have had a tough time lately. According to information acquired under the Freedom of Information Act by The Times newspaper, some of the..
Statistics provide useful evidence of the trends developing within the world of information security. Figures compiled from reported attacks in the United States for July 2017 give us a..
Monday’s Government survey of Britain’s FTSE 350 companies has revealed some worrying statistics. The report analyses how the boards of the UK’s largest businesses deal with cyber security and..
A survey for the BBC has discovered that poor data-stripping on websites leaves information in place which provides valuable intelligence for Spear Phishing attackers. By not removing key metadata,..
It is rare that anyone ever feels much sympathy towards the behemoths of the internet, Facebook and Google. But spare a thought for these giants when it comes to..
As Game of Thrones fans watch the unfolding drama in Westeros on their TV screens, corporations around the world are equally riveted by the now public battle for HBO’s..
Security consultants talk about “Security by design” … and to be fair, most of us believe in it! The trouble is that to much of society, it is at..
The summer months are traditionally a time when hard-working people take a break. Those left in the office can end up feeling over-stretched or less-motivated than normal. But it..
‘Hi to all mankind’. Thus began the email sent to journalists by hackers who have reportedly stolen 1.5TB of files and videos from entertainment giant HBO. What has made..
This month Visa has reported an increase in the number of network intrusions involving service providers. It also reports increases in re-breaches of merchant payment environments and skimming incidents..
Time is running out for UK businesses. By 25th May 2018 every business, charity and organisation needs to be ready for the General Data Protection Regulation (GDPR). Because from..
by Melanie Taylor, Information Security Consultant “With less than a year to the deadline for compliance with the General Data Protection Regulation, all companies should have assessed what they..
While most businesses are pleased to receive free publicity, spare a thought for Berkshire-based Boomerang Videos. Not only did the firm’s website suffer a cyber attack in 2014, but..
It’s official. It was widely expected that the EU data protection rules contained within the General Data Protection Regulation (GDPR) would be implemented by the UK, regardless of the..
By Tom Fairfax Talking to a well-respected and hitherto successful businessman at an event recently, he mentioned the NotPetya malware attack and then dismissed it as “another one of..
By Paul Brennecker, Principal Consultant, CISM | PCI QSA | PCI PFI | PCIP There is a saying that a chain is only as strong as its weakest link. This,..
Complacency has always been the enemy of safety; in today’s world, we are all vulnerable! The digital (cyber) environment may sometimes be opaque and difficult to understand, but it..
In December 2016 the Information Commissioner’s Office (ICO) fined a historical society £400 after a laptop containing personal data was stolen while a member of staff was working away..
Data protection is a global issue. Yet it is being approached in very different ways on either side of the Atlantic. While Europe and Britain will embrace the more..
Being known as the source of the largest data breach in history is probably not how Yahoo would like to be remembered. The reputations of eBay, Linkedin, MySpace, Talk..
The fact is that all too often the first someone knows that their system has been breached is when they receive a call from their acquiring bank. Someone has..
By Paul Brennecker, Senior Information Security Consultant & Principal QSA There is something of the Tim Berners-Lee about open source software. Unlike proprietary software, where the code is a jealously..
The Chancellor recently announced a £425 million government investment in the NHS over the next three years. While pundits speculate on what this will actually mean for our vital..
By Paul Brennecker, Senior Information Security Consultant & Principal QSA The Payment Card Industry Data Security Standard (PCI DSS) lists a number of myths relating to PCI compliance. One of..
Spare a thought for the University CISO: ‘As a group, CISOs live on a knife’s edge and do not sleep very well. They know that a breach is inevitable.’..
As Britain navigates its way through the choppy waters of Brexit, there is a great deal of uncertainty about exactly what form our new relationship with Europe will take...
There is a new face at the forefront of investigating cybercrime in the UK. Newcastle-based Security Risk Management has achieved another success for its SRM Academy Programme. With over..
While all of us are aware of the need to protect our organisation’s technology from potential threats and security breaches, few are fully aware of the gaps that exist..
Politicians do tend to favour soundbites and Theresa May is no exception. So when she said that “Brexit means Brexit” some nodded their heads as if this simple statement..
By Kane Cutler In the world of information security which is riddled with acronyms, the deceptively simple ‘Red Team’ may take a little explaining. Breaking down the initial letters..
When is a plan not a plan? When it is an out-of-date plan. The latest research from the industry-respected Ponemon Institute, reveals that 26 per cent of IT and..
General Data Protection Regulation (GDPR) is an impatient tiger. That is, it has many more teeth and much less patience than its predecessor, the comparative kitten that is..
‘Do not wait until it’s too late – engage a PFI company now!’ That is the advice given by Jeremy King, International Director, PCI Security Standards Council in his closing..
The numbers on payment cards are going to become longer. This is because of changes which are being made to the international standard (ISO/IEC 7812) under which Issuer Identification..
Information security breaches can and do happen, even to the best prepared organisations. Every year, companies that have demonstrated ongoing PCI DSS compliance will still fall victim to an..
There are a lot of online registers for reputable tradesmen. Many of these provide contact details for reliable plumbers in any given area, together with ratings and personal recommendations...
Penetration testing and vulnerability scanning are sometimes confused. After all, they sound as if they might do a similar job. But there are important differences. Also known as..
‘Twas the night before Christmas, and all through the house, Not an iPad was stirring, nor PC or Mouse; The shopping had been done on the internet..
How a correctly-scoped penetration test will future-proof your organisation from real world cyber attacks. In the aftermath of Black Friday comes Grey Monday. The day of reckoning. Because although..
We hear a lot about the Internet of Things (IoT) on the web nowadays and the TV is full of adverts for Central heating systems that you can control..
Mike Tyson once said, “Everyone has a plan until they get punched in the mouth.” As he is perhaps best remembered for his infamous ear-biting antics, he is unlikely..
As Universities return for the beginning of a new academic year, never has the role of Chief Information Security Officers (CISO) been more important. Some will be continuing an..
The Dalai Lama said: ‘When you talk, you are only repeating what you already know. But if you listen, you may learn something new’. It is, of course, doubtful..
“The single biggest problem in communication is the illusion that it has taken place.” said George Bernard Shaw. This can be true in so many aspects of life and unfortunately,..
How much control is too much when it comes to social media? Organisations spend millions on their marketing campaigns in the hope and expectation of raising brand awareness and..
The 23rd June referendum is fast approaching and it is getting increasingly difficult to get simple answers to simple questions. As we think about how we will vote, just..
“Technology is so unreliable” is a phrase you often hear following something going wrong at a critical moment. One of the greatest misconceptions is that our day to day..
Businesses in Scotland can receive up to £1,500 to help develop their cyber security as part of a Cyber Resilience Programme. The Digital Scotland Business Excellence Partnership (DSBEP) has..
Newcastle-based Security Risk management (SRM) Ltd is addressing the national shortage of top level qualified cyber security consultants by employing individuals with potential and then providing training in house...
Whatever the result of the EU Referendum, there are some aspects of our relationship with Europe that are unlikely to change, as long as we continue to engage in..
Maintaining Compliance with any Information Security Standard is often a long and winding journey. You never quite know what is over the horizon or around the bend, so what..
Cybercrime in 2015 was nothing short of epic. No one could have anticipated headline news stories such as Sony Pictures Entertainment hacked by a group allegedly sponsored by North..
Decentralized cryptocurrencies and Dark Web cartels challenge the effectiveness of legislation, jurisdiction and law enforcement. This poses the question, when the economy is becoming more and more dependent on..
The eagerly anticipated update to the global Payment Card Industry Data Security Standard (PCI DSS) has been released today, Thursday April 28th 2016. This update to the standard has..
One of the greatest misconceptions about cyber-crime is that you need to be a computer geek to be a cyber-criminal. The truth is the cyber-crime industry is starting to..
A company trying to navigate the minefield of info-security compliance may think of it as a daunting task. On one side is PCI DSS and Data Protection while on..
Gaining Cyber Essentials certification protects a business’ reputation as well as its cash flow. With over £50 billion in annual online retail sales in the UK, it is becoming..
“We do not negotiate with terrorists” is a patriotic statement used by many countries. Does this notion still hold when you risk losing your data? The short answer is..
With the PCI Council set to release version 3.2 of the PCI DSS imminently, the subject of migration away from weak session encryption protocols is becoming a hot topic...
Search Engines like Google and Safari only have access to about 4% of the information on the web. The other 96% is what is referred to as the Deep..
Bitcoin is arguably the biggest shift in digital enterprise since the beginning of E-commerce – and has proved to have the potential to make even bigger changes to our..
There was a time – back in the halcyon days of the 1990s – when cyber criminals and cyber security was so much simpler. At that time, anti-virus software..
By Paul Brennecker, Principal QSA, PCI PFI, PCIP The countdown to European-wide data protection is on. But while some businesses will be anxious about how to ensure compliance with..
By Kane Cutler, PCI QSA, Tiger QSTM, CEH Although statistics show that skydiving is a relatively safe pastime, things do sometimes go wrong. Since 2004 653 people have lost..
2015 ended on a bombshell of legislative changes creating an air of unwelcome uncertainty for businesses. Yet, they need not be a cause for concern. The announcement of the..
by Michelle Ali Time spent online exceeds time spent watching TV -2016 Statistics on Children’s use of the Web The year 2015 was described by the research agency Childwise..
The period September 2015 – January 2016 is covered in this issue of SRM’s breach trend report which looks at businesses that had a requirement for a PFI investigation...
The period June – August 2015 is covered in this issue of SRM’s breach trend report which looks at businesses that had a requirement for a PFI investigation. The..
In spite of awareness of the enormous financial implications of PBX fraud since 2013, cases continue to come to light. Police force cyber crime teams have recently been dealing..
In a landmark case, Affinity Gaming is seeking $100,000 in damages from its cybersecurity provider Trustwave over how the company allegedly handled a data security breach which cost the casino..
Newcastle-based Kane Cutler becomes youngest cybercrime expert drafted into exclusive Payment Card Industry investigation team Newcastle-based Kane Cutler has been accepted by the Payment Card Industry Security Standards Council..
As with any black hat related activity, innovations are always emerging to circumvent security and exploit vulnerabilities. Older forms of ransomware was mostly kept by specific groups of hackers that..
As New Year resolutions go, enhancing personal cyber security may not be as high on people’s lists as that resolution to take out a new gym membership or embark..
By Chris Ince, Information Security Consultant, Security Risk Management Ltd LinkedIn recruiting scams are not a new threat to most. Many users of the professional network face this ever..
Making a case for the VirtualCISO Few company directors have a deep knowledge of corporate law, or a detailed understanding of investment planning or tax implications. They employ offsite..
By Chris Ince, Information Security Consultant “The processing of personal data should be designed to serve mankind.” (Council of the European Union, 2015) On 8th December the European Parliament, Council..
By Paul Brennecker, PCI QSA, PCI PFI, PCIP, Principal QSA, Security Risk Management Ltd Last week we saw another significant breach of over 650,000 records of customers’ data from..
WHAT DOES GOOGLE KNOW ABOUT YOU? “Knowledge is Power” – well Google have taken this phrase to a whole new level. Google is one of the biggest driving forces..
As major retailers across the country announce the recruitment of additional security staff to safeguard shoppers on Black Friday, it is also time for online businesses to ramp up..
By Mustafa El-Jarrah Information Security Consultant, Security Risk Management Ltd Exploits appear in trends with the magnitude and duration of these trends exacerbated by the community edition download zip not..
By Paul Brennecker, PCI QSA, PCI PFI, PCIP, Principal QSA, Security Risk Management Ltd “Is it hard?’ Not if you have the right attitudes. It’s having the right attitudes..
By Tom Fairfax, Managing Director, SRM Whilst everyone has a responsibility to manage their Cyber Security to the best of their ability, no-one is completely safe and despite their..
There have been a number of news reports in recent days about people erroneously transferring large sums of money to fraudsters who have intercepted their email traffic. In one..
Data security in the gambling industry by Paul Brennecker, PCI QSA, PCI PFI, PCIP, Principal QSA, Security Risk Management Ltd Complying with the mandatory security regulations within the gambling industry may appear..
This week the European Court of Justice ruled that the transatlantic Safe Harbour agreement, which lets American companies use a single standard for consumer privacy and data storage in..
Small businesses are targeted deliberately by cyber criminals because they frequently lack effective defences or even the ability to detect an attack. But those who do not have adequate..
In an ‘ethical experiment’ conducted earlier this year, a primary school child hacked into a free public WiFi hub in just over ten minutes. The young hacker, a seven-year-old..
Local MP praises e-safety contract for iNorthumberland project As superfast broadband is rolled out across the region the iNorthumberland Business Support service has appointed Northumberland-based firm Security Risk Management..
by Brian Fenwick, Operations Director Financial Fraud Action UK (FFA UK) has published its 2015 Annual Review. The organisation, which is ‘responsible for leading the collective fight against fraud..
When a group calling itself the Impact Team decided to release all customer records, including profiles of the 37 million users of the adultery-themed dating site Ashley Madison, they..
Ian Armstrong briefly outlines the facts about the new ISMS standard 27001:2013 What is it? 27001:2013 27001:2013 is the updated information security management system (ISMS) standard which was published on..
by Paul Brennecker Merchants can enhance data protection and simplify compliance efforts by adopting the PCI-approved point-to-point (P2PE) Standard v 2. Simpler to adhere to than the original version,..
By Paul Brenneker Those who have had involvement with PCI Data Security Standards (PCI-DSS) will know that Penetration Testing has been mandatory since the PCI standard was first issued...
In the last twelve months, Security Risk Management (SRM) ltd has been contacted by over 65 companies legally required to seek assistance in securing data breaches. The largest number..
Last month, Tom Fairfax, Managing Director of Security Risk Management Ltd joined forces with Robert Newcombe, Barrister with Dere Street Barristers, to deliver a talk on Managing Cyber Threat...
The simple television is a thing of the past. The Smart TVs of today have much more in common with devices like smart phones and tablets than with the..
by Michelle Ali This blog first appeared within the VE-SO Portal in March, as one of the regular updates for school E-Safety Officers. It now appears here for general information. The impact..
By Paul Brennecker, Principal QSA at Security Risk Management Ltd On Wednesday 15th April 2015 the PCI SSC (Payment Card Industry Security Standard Council) published the PCI DSS Version..
By Mustafa El-Jarrah, Information Security Support Consultant at Security Risk Management Ltd The North East Cyber Security Cluster was launched on the 12th February 2015 at the Digital Skills..
When it comes to e-safety, schools are faced with a conundrum: the vast majority of today’s school-age children could be termed ‘digital natives’ but those who are tasked with..
The Internet has brought unprecedented access to a world of learning opportunities. Yet, recent reports show that the widespread use of technology in education comes at a price. A..
By Tom Fairfax Traditionally, computer forensic investigations are seen as reacting to historic incidents and understanding what went wrong retrospectively. But in the cyber world, forensic investigation is a..
Government hates a policy vacuum. So, while CESG, the UK government’s National Technical Authority for Information Assurance, has brought about changes to the management of Internet Security within government..
In 2015, the good news is that businesses are getting better at achieving full PCI compliance. In fact, fully compliant organisations rose from 11.1% in 2013 to 20% by..
As a fairly seasoned security professional, I’ve seen a few ingenious ways of trying to separate unsuspecting members of the public from their personal data. Everything from shoulder surfing..
The latest document published by the Cabinet Office in relation to the UK Cyber Security Strategy provides an update of progress throughout 2014, and the plans moving forward in..
Last month dozens of images of British children were discovered on a Russian website used by paedophiles. Until they were tipped off, the parents of the children involved had..
Internet safety specialist Security Risk Management Limited (SRM) is today unveiling its bespoke on-line Virtual E-Safety Officer (VE-SO) portal for schools. The portal will provide access to resources and..
by Michelle Ali 1) Have a defined protocol to report and resolve incidents that have occurred With more and more students being more active on the internet, naturally the number..
by Michael Dick, Director The opinions expressed in this blog are Michael’s own and not those of SRM. I was addicted to the Sopranos, the story of US gangsters,..