Compliance

Cyber-security must reflect risk not just regulation

Security is often closely associated with standards and regulations, and there's an assumption that if you are compliant, by default you are secure. That's a dangerous assumption, says Nadav Shatz.

Comply to supply - Firms to prove their cyber-credentials or risk losing business

If cyber-crime wasn't considered a business risk before, it is certainly being pushed to the front and centre stage by large firms now, says Chris Dye who urges adoption of file-regeneration technology.

With GDPR imminent, it's crucial we tackle the biggest myths surrounding data regulation and cyber-security

Lillian Pang addresses some of the most common misconceptions surrounding the new GDPR legislation

Unaware and under attack: why small businesses must wake up to the cyber-crime threat

Sian John discusses why SMEs should care about having security measures to protect their business, since if they fail to comply with GDPR and other regulations, they can lose a lot of money

Panel: Obsession with regulatory compliance doesn't guarantee good cyber-security

Companies should spend less time worrying about meeting minimal requirements for cyber-security compliance, and concentrate more on how to protect their most sensitive operations, according to experts speaking today at SC Congress Chicago.

82% of global and IT business pros are concerned about GDPR compliance

New global research from Dell reveals the lack of awareness among SMBs and large enterprises of the requirements of the EU's GDPR, going into effect in under two years

Enabling security and compliance in a complex multinational framework

Paul Donovan explains the security issues prevalent for today's multinationals, and how to instigate centralised policies to help manage security and compliance.

SWIFT did not monitor weak security practices of its users - report

Former board members and senior employees at SWIFT said the company did not monitor or make attempts to improve the poor security practices of its clients.

How a 'compliance mindset' can provide bad guys with short cuts if we're not careful

Jonathan Sander discusses why compliance is always a race to the bottom and how security as regulation takes executives off the front lines

IT security pros compromise ethics and mostly 'fire-fight', not do security work

Over a quarter (28 percent) of cyber-security professionals compromise their ethics to pass audits, likely due to growing network complexity and disparate technology, security and more to keep cyber-criminals at bay.

Nine out of 10 UK organisations vulnerable to data threats

Eighty-nine percent of UK organisations feel somewhat or more vulnerable than they have been in the past to internal and external threats to sensitive data.

IT pros in financial services assert ability to detect breaches

Data breaches in the worlds of banking, credit and finance nearly doubled between 2014 and 2015, according to the Identity Theft Resource Centre's 2015 Breach List report. Despite being unsure of how long it would take, IT pros in financial services are very confident in their ability to detect a breach.

Keeping abreast of governance risk and compliance goals

More data is shared online every second today than was available across the entire internet 20 years ago. It is therefore no wonder that thriving in the resulting big data economy requires advanced tools says Lubor Ptacek.

PCI SSC pushes back deadline for secure TLS

The PCI SSC has pushed back the date by which members must change to a secure version of TLS (currently 1.1 or higher); the migration is being revised today and pushed back from June 2016 to June 2018.

SCNY Congress panel: Mind the gap! IT security

The SC Congress NY conference took place yesterday, 20 October.

PwC: Almost all large companies suffered a data breach last year

A government-commissioned report, carried out by PwC, has found that data breaches are rolling in thick and fast for UK firms - and the costs are mounting up.

PCI gives 14 months to fix high risk SSL problem

PCI DSS v3.1 has been announced in a bid to close known security vulnerabilities in SSL and some TLS protocols; 14 month transition.

Companies getting better at PCI DSS compliance, finds Verizon

Verizon's fourth annual report into PCI DSS compliance finds that not a single breached company over the last decade has been fully compliant with PCI standards at the time of breach. However, there is at least light at the end of the tunnel.

PCI DSS 3.0, responsibility and protecting against third party access

Compliance with PCI DSS 3.0 is primarily about enforcing everyday security best practices, but Stuart Facey notes that secure third party access is a key part of that approach.

ICYMI: EU data protection, iPhone spyware and Flash zero-days

The latest ICYMI column looks at the biggest stories on SC this week, including worrying news on EU data protection laws, claims of iPhone spyware and new Flash Player zero-days.

UK government extends Cyber Essentials to charities

The UK government has partnered with the IASME consortium and the Give01Day not-for-profit organisation to offer Cyber Essentials certification to UK charities to help them keep safe online.

UK government contractors must comply with Cyber Essentials

The British government will demand that all its suppliers comply with the five cyber security requirements set out by the Cyber Essentials scheme from October 1.

What are the rules in cyber-warfare

Cyber-warfare is so new that the 'ground-rules' are still being established. After the 2007 APT cyber-attack on Estonia, Nato created a cyber-defence centre and the Tallinn Manual ensued. Nazan Osman provides an overview of some of the CCDCOE's and manual's conclusions

Cyber Essentials: benchmarking best practice

From October 2014 many UK public sector information handling projects will require contractors to be Cyber Essentials certified. Tony Morbin looks at how the scheme works, its aims, implementation, shortcomings and potential next steps

What the Cyber Essentials Scheme means for UK business

The government's initiative to set a baseline certification scheme for cyber security, Cyber Essentials, is now underway and John Godwin encourages companies to get certified as soon as possible.
