ICYMI: 'Banksy' sketches GCHQ, Heartbleed rumours & cloud confusion

As another week in information security zips by, we look at the top stories in our weekly In Case You Missed It (ICYMI) column.

More jobs but cyber security skills gap widens

There's an increasing demand for cyber security specialists in information security, but the challenge remains bringing the right graduates into the fold.

Big Data: A big deal?

IT decision makers are leveraging Big Data security analytics tools to serve up more information on threats, reports Doug Drinkwater.

Patching: the unlocked door

With Windows XP fast approaching its end-of-support deadline, many firms are going to be at risk of attack, reports Kate O'Flaherty.

Surety Business

The UK aims to be the safest place to do business online, but that aim is potentially undermined by cyber security skills shortages, says (ISC)²'s John Colley. Tony Morbin reports.

PCI compliance: The slow road to progress

PCI DSS 3.0 may be on the horizon, but a new study suggests that companies are not only slow in updating, but also approaching compliance in the wrong way.

European investigators want cross-border legislation to fight cyber crime

Criminal investigators want changes made to European law so that they can fight international cyber crime faster and more efficiently.

Cyber security 'failure' could result in next major terrorism attack

Compliance, standards, a shortage in IT security skills and budgets are reasons behind the 'failure' of cyber security, experts conclude at French information security conference.

Privacy & security concerns threaten to derail the Internet of Things

The world's largest consumer electronics event boasts new gadgets, but concerns rise on the Internet of Things.

Safe Passage

The latest PCI update offers improvements to ensure security in online transactions, says Tim Lansdale, head of payment security, WorldPay. Tony Morbin reports.

League table Go-Ahead

In a special one-off case study linking our themes of PCI compliance and security spend, Random Storm technical director and co-founder Andrew Mason describes to SC a case study that tackles both issues with the aid of league tables.

Coping with chaos

It may be a time of great change for the infosec industry, but advice on achieving the budgets needed to keep up with new threats remains remarkably consistent, reports Thomas Brewster.

Understanding the role of hacktivism

Check Point VP says individual hacking actions are not always criminal

Keeping up with the bad guys

Malware writing has undergone many changes over the years - from hobbyists to a criminal business - with mobile and social now the hot targets, Rob Buckley reports.

Top 10 issues in IT security for 2014

From banking hacks and malicious mobile apps to insider leaks and a serious data breach each month, 2014 promises to be a challenging year for CISOs.

Out of site, but in mind

Services abound for business continuity and disaster recovery in the cloud, but what's the right choice for your organisation? Alan Earls investigates the options.

APTs: why you should care and what to do about them

Advanced persistent threats are a real and present danger to all organisations big and small, and only the foolhardy would dismiss them as another hyped security buzz phrase.

Sea change

The role of the chief information security officer is expanding to meet new challenges, says Paul Swarbrick, former CISO at NATS, as Karen Epper Hoffman reports.

Mobile security case study: Higher calling

A UK college provides its 'digital natives' with a secure environment that can be accessed anywhere from any device, reports Greg Masters.

Call of duty

With so much of the national infrastructure, from utilities to the internet itself, a potential target of attack, the Government is forging partnerships with the private sector to help protect the services we all rely on. But, in the wake of Edward Snowden, defence is no longer just a question of what can be done, but also of what is acceptable. Asavin Wattanajantra reports.

Raising the standard of PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) is approaching its third iteration - and with it comes another chance to make the global standard fairer, more relevant and fit for purpose. By Phil Muncaster.

An inside job: the danger that lurks within

Every business faces the possibility of external attacks, but the real threat could be buried within, in the form of the disgruntled employee, says Dan Raywood.

Passwords: Fighting on the losing side?

Recent high-profile password breaches have raised doubts about current security measures, and whether a password can ever really be secure. By Dan Raywood.

The problem with SEDs

Self-encrypting hard drives seemed to be a no-brainer when they hit the market due to their efficacy, but adoption has been poor because trends, such as the cloud, justify reliance on software that protects data wherever it is. By Asavin Wattanajantra.

SC Interview: Amar Singh, CISO at News International

As the chief information security officer of publishing giant News International, as well as having a pivotal role at ISACA, Amar Singh has a lot on his plate. He tells Dan Raywood about his personal philosophy of managing security in a large organisation, and why he wants to see former soldiers join the industry.

SC Survey in association with Good Technology: What you think about BYOD

SC Magazine's second survey this month, in association with Good Technology, reveals a healthy attitude to BYOD, reports Tim Baker.

Just how secure is open source software?

Open source software fosters innovation and inclusion, but what about the security, asks Asavin Wattanajantra.

SC Survey: Skills shortage in infosec

SC Magazine's latest survey asked the key questions on the skills and people shortage in the infosec industry. Here, we analyse the main findings from the online poll.

Infosec skills - Finally some answers to the big question

It's the problem that won't go away - so what is actually being done by the industry, government and academia to resolve the infosec skills crisis, asks Phil Muncaster.

SC Interview: Eric Cole, founder and CEO of Secure Anchor

Dr Eric Cole, founder and CEO of US security consultancy Secure Anchor, speaks exclusively to Dan Raywood about the key issues facing his clients - and why the security industry needs to put its words into practice.

Raising the standard

In the current economic climate, computer networks are being relied upon more than ever by UK businesses. But how is this affecting our cyber security, and in turn, our profits?

Infosecurity Europe preview 2013

More than 100 CISOs and security specialists are lining up to speak out at Infosecurity Europe 2013.

Trusted Platform Module: A delayed reaction?

Despite the ubiquity of the Trusted Platform Module, hold-ups exist and adoption remains slow. Deb Radcliff reports.

Technology analysis: How easy are infosec products to use?

The paradox of information security is that while the best products have necessarily complex functions, they must also be easy to use, writes Rob Buckley.

SC interview: Brian Shorten chairman of the Charities Security Forum

Brian Shorten, chairman of the Charities Security Forum, tells Dan Raywood about the third sector's unique information security plight - and how his network can help.

PCI: The rocky road to compliance

As we approach a year since the launch of PCI DSS 2.0, Dan Raywood speaks to organisations in various sectors to find out how they are dealing with the updated regulations.

A look at the European Commission's proposed revisions to data protection laws

Twelve months on from the publication of the European Commission's draft revision to data protection laws, claims of heavy-handedness and obsolescence have mounted - but the authority behind the bill remains defiant. Eric Doyle unpicks the issue.

Infosec analysis: Will this year be unlucky 13?

What challenges can individual organisations, and the security industry at large, expect to face in the year ahead? With 2013 upon us, Phil Muncaster gathers the predictions and advice of infosec experts.

Everything you need to know about MSSPs

For obvious reasons, many people get jittery at the prospect of handing responsibility for their organisation's security to an outsider - and yet the benefits remain alluring. Kathryn Pick weighs up the pros and cons of using managed security service providers.

SC Confidential in association with Websense: Future-gazing

In the latest roundtable hosted by SC Magazine, in association with Websense, Andrew Kellett asks security professionals to pinpoint the likely trends for 2013.

How to cope with BYOD

The cloud, mobile device management and virtualisation are riding to the rescue of organisations faced with the inevitability of 'bring your own device'. By Rob Buckley.

The new Cold War

With the US and Israel accused of sending Stuxnet to sabotage Iran's nuclear capability, and China and Russia implicated in cyber attacks on the West - as well as censoring their own citizens - have we entered a new Cold War? Asavin Wattanajantra investigates.

SC Awards Europe 2013 Preview: Going for gold

Everything you need to know about our annual industry competition and how to enter.

RSA Conference Europe 2012 Preview

Once again RSA Conference Europe has pulled it out of the bag with an impressive line-up of keynote speakers - including Wikipedia founder Jimmy Wales - and a schedule of tracks and sessions that reflect the industry's most pressing issues.

Roundtable in association with Websense: The threat within

In the latest roundtable hosted by SC Magazine, this time in association with Websense, Andrew Kellett asks security professionals how data protection and BYOD can be reconciled.

Kaspersky: The ITU, not Interpol, is our 'weapon'

Kaspersky Lab's eponymous founder tells journalists in Moscow that the International Telecommunication Union is vital in fighting cyber crime. By Mark Mayne.

Bring Your Own Device: OMG or A-OK?

Employee demand is compelling organisations to make a decision on 'bring your own device' - but despite some big-name cheerleaders of the trend, there is a danger that others might rush in before weighing up the pros and cons, writes Jessica Twentyman.

Roundtable in association with FireEye: What keeps CISOs awake at night?

The most worrying issue for the UK's C-level security professionals is fear of the unknown, Andrew Kellett discovered at a roundtable discussion hosted by SC Magazine in association with FireEye.

SC Survey in association with Egress: Data on the move

SC Magazine's latest survey, on the issue of securing data on the move, shows email in fine fettle and raises concerns about how confidential information is shared. We analyse the key findings from the poll.

I'm a Mac. I'm a PC. I'm a fridge...

Prepare for a host of new networking problems as devices never meant to be computers get hooked up to the system, reports Deb Radcliff.

Just how secure is the cloud?

Before moving assets to the cloud, CISOs must determine how much security they are willing to contract out, reports Stephen Lawton.

Compliance: the CISOs problem

With the burden of compliance increasingly falling on the shoulders of information security professionals, Rob Buckley asks how they can navigate the maze of ever-changing and expanding legislation - and keep their employers out of the headlines.

The evolving role of the CIO and CISO

With security becoming more critical in business environments, Jennifer Scott looks at who should take responsibility for the safekeeping of a company and how the two senior information roles must interact.

Hacktivism endures

Despite devoting resources and making arrests, authorities seem little closer to stopping the new face of social protest, reports Jim Romeo.

Butterfly on a wheel: Gary McKinnon

With a court hearing now imminent for accused hacker Gary McKinnon's fight against extradition to the US, the debate about the fairness of the system is getting fierce. Derek Parkinson asks McKinnon's supporters, legal experts - and a member of 'the NatWest Three' - why they want the Extradition Act to be overhauled.

A look at the financial health of the cyber security industry

Consultancy PricewaterhouseCoopers has released the first-ever report on merger and acquisition activity in the cyber security industry. Paul Fisher talks to the report's author and analyses some of its key findings.

The problem of employees sharing too much information

Information isn't just leaking, it's being broadcast over Web 2.0 media by a workforce prone to over-sharing. Deb Radcliff reports on the challenge organisations face in keeping sensitive data within their control.

How businesses use our online personal data: look and learn

Despite an EU directive and growing public concern about how big business uses our personal data, the companies that track online behaviour - and their advertiser clients - seem confident that the culture of 'implied consent' will prevail, writes Jennifer Scott.

Professional monitor in association with (ISC)²: the threat of BYOD

The increasing trend of 'bring your own devices' to work will become the norm for businesses imminently, completely changing the face of information security.

Focusing on mobile malware

Mobile malware, often distributed through applications, is increasing in scope and sophistication. Are you ready, asks Dan Kaplan.

The bug hunt

Big companies are controversially rewarding the research community to find code flaws. By Angela Moscaritolo.

A new world of risk

Fred Piper and Malcolm Marshall discuss risk mitigation and coming developments that may make your current methodology largely ineffective.

McAfee gets into the deep

Opinion is divided as to the merits of the joint technology from McAfee and its parent, Intel. Rob Buckley speaks to McAfee's EMEA CTO, and asks others in the industry for their views.

SC Survey: Network security

This month's SC Survey reveals that an alarmingly high proportion of information security professionals lack the tools and systems needed to alert upper management to the risk of attack and potential damage.

When it comes to information security some things never change

In 1969, Management Today printed an exposé of business managers' naïve approach to information security. Here, we reprint the article, showing little has changed in 42 years.

SC Magazine interview: Jonathan Craymer

The 'originator' of matrix-pattern authentication in the UK and Europe and founder of pin+ tells SC Magazine about his vision of one-time codes for all and why the future of personal authentication definitely won't include hardware - and possibly not even phones.

SC editor Paul Fisher meets Eugene Kaspersky in Moscow

When he flew to Moscow, Paul Fisher wanted to talk to Eugene Kaspersky about pressing industry issues like the consumerisation of IT - but the enigmatic CEO had other fish to fry, such as cracking Japan (with the help of a girl band) and Intel's useful acquisition of a rival.

Technology should not be blamed for problems in society

As ever, technology is being blamed for all of society's ills. A look at the facts behind the stories exposes some flaws.

Moscow with Kaspersky Lab

SC Editor Paul Fisher went to Moscow to interview CEO and founder of Kaspersky Lab, Eugene Kaspersky.

No escape from the regulator

Nobody likes having someone looking over their shoulder and telling them how it's done, but this is the reality for CISOs in a tough regulatory environment. By Rob Buckley.

The vendor collectors

Security giants continue to plug gaps in their offerings by acquiring smaller players. But is innovation being stifled? Hannah Prevett investigates.

Survey: Data management

The latest SC survey looked at approaches and attitudes to data management and storage. Concerns surrounding cloud and access policies came under particular scrutiny.

SC Magazine interview: Stephen Howes, founder and CTO of GrIDsure

The chief technology officer and founder of access management start-up GrIDsure, which offers a shape-based alternative to traditional passwords, reveals how he got the idea off the ground - and where he thinks his peers are going wrong. By Paul Fisher.

A quantum leap for security

Big advances mean that quantum encryption may soon be ready to safeguard the most valuable assets of government and industry. John Edwards explains the science.

Analysis: MSSPs - a helping hand?

Despite the worries that persist around the outsourcing of security generally, more and more organisations - from city councils to small businesses - are finding that the pros of managed security services far outweigh the potential cons, writes Hannah Prevett.

Survey: Compliance strategies

In our latest survey, we looked at information security professionals' attitude to compliance. As ever, the results provide food for thought.

SIEM: Out of the shadows and into the light

Everyone is talking about security information and event management (SIEM), which gives organisations a unique vision of the threats they encounter. By David Waller.

Facing up to the mobile revolution

Whether companies are actively encouraging their employees to work on the move, or staff are simply using personal mobile devices of their own accord, security professionals face a major new headache in protecting their organisations from threats, writes Rob Buckley.

SC/Symantec.cloud Survey: Archiving and continuity

There is a growing need for email archiving, but our survey, in association with Symantec.cloud, reveals a neglectful attitude of 'out of sight, out of mind'.

SC Magazine interview: Michael White, technical director at Coverity

Coverity's technical director doesn't believe in surprises. The company has a triage process for resolving defects, in timely fashion, to help develop secure applications. It has clients across the globe, including financial giants such as Barclays. By Paul Fisher.

Virtualisation offers a lot of advantages but security must already be built in

In an increasingly complex security world, virtualisation promises much - if you build in security from the get-go, says Rob Buckley.

Analysis: Life after WikiLeaks

The WikiLeaks publication of confidential US diplomatic cables is still causing ructions, but is it more embarrassing than dangerous? Derek Parkinson looks at the security lessons for the rest of us.

SC Magazine interview: Dan Turner, CEO of HP Information Security

The CEO of the newly formed HP Information Security is out to shake up the business of data security and now has the resources to do it. He outlines his plans to Paul Fisher.

Funding the new Home Guard to protect against cyber attacks

For the first time, cyber threats are on the fast track to the Prime Minister's in-tray. And with £650 million available, the Government is putting its money where its mouth is, says Derek Parkinson.

SC Magazine interview: Mushegh Hakinian, security architect at IntraLinks

CISSP security architect Mushegh Hakhinian leads the application security practice at secure information exchange service IntraLinks. Financial security has been his driving idea for the past 16 years, he tells Paul Fisher.

SC and SHS Survey on remote working

The survey reveals worrying levels of technological confusion and cultural inertia in an area vital for the future of UK Plc.

Case study: IT challenges facing Tottenham Hotspur Football Club

Premier League clubs have unique IT challenges - such as 36,000 fans trying to access the wireless network on a Saturday. Dan Raywood kicks a ball around with Tottenham Hotspur's IT boss, Philip Rose.

Professional workshop: Managing your way out of risk

No organisation can prevent every possible incursion, so risk management is becoming the de facto way to protect an organisation's data. Rob Buckley takes you through the strategy and tactics of an approach used even in ancient Rome.

Professional workshop: Avoid web browser nightmares

There are complex questions surrounding enterprise web browser management. Mario Finetti suggests some practical answers.

SC Magazine interview: David Harley, senior research fellow at ESET

As director of the NHS Threat Assessment Centre, ESET's senior research fellow gained an understanding of the security demands of one of our greatest institutions. He's not sure current solutions are fit for purpose, he tells Dan Raywood.

Moving on from the 2007 data loss by HMRC

The loss in 2007 by Her Majesty's Revenue and Customs of 25 million people's details was a major warning to the public sector. Rob Buckley says that the private sector should also take heed.

Nettitude and Coventry University join forces to fight cyber criminals

Graduates starting out in any industry might find it difficult to get a job in the current economic climate, but for the graduates of information security, securing employment is almost impossible without them gaining the necessary work experience employers insist on.

SC Most Influential 2010

The SC Most Influential is a new programme conducted in association with (ISC)² to identify the most influential people in information security.

SC Executive Network: The perils of risk aversion

Controversial prof Frank Furedi ruffled some feathers at the third meeting of our exclusive club for industry leaders.

SC Think Tank: Data, use it or lose it

Our expert panel ponders the varying demands of data: preventing its loss, but not retaining it so long the ICO gets antsy.

RSA Conference Europe 2010

Brighten up those autumn days by attending this important security event: learn at sessions and the trade show, network with your peers.

Utility companies worldwide are rolling out smart meters but are they secure?

The quarterly lecky bill is on its way out - the smart grid will give the customer instant feedback - but is smart also secure? The debate is heating up, says Hannah Prevett.

SC Magazine interview: Art Coviello, president of RSA

The president of RSA is known for his controversial views on the industry. He may ruffle feathers, but is worth listening to, says Paul Fisher.

Digital forensics is in demand

Increasingly in demand in business, digital forensics has come of age at last. Mark Mayne wields the magnifying glass.

SC and Symantec Hosted Services Survey: How IT views online threats

Our exclusive SC/Symantec Hosted Services survey of IT staff attitudes to online threats turned up some interesting results - there was often a disconnect between perception of threat and the reality.
