There is a general lack of understanding amongst IT professionals regarding exactly what they needed to change in everyday processes to achieve regulatory compliance (under GDPR).
There is enough information now available from the NCSC to allow organisations to start identifying the gaps in their NIS directive approach and understand the risks these pose.
The vision is that Card Not Present transactions will be increasingly deflected onto other payment channels, completely bypassing the use of card numbers at the website/call centre.
Data breaches often stem from poorly-managed records. By encoding critical information about the records into the files themselves, companies can create a platform for security, efficiency and cost management.
GDPR: It's important to put data intelligence tools in place that will allow you not only to conduct an audit of the data you have collected in the past but also address compliance in the future, says Rob Perry.
SMBs in the UK with operations or supply chain in the EU need to focus their attention on GDPR and security posture; there is a level of scrutiny around data management that many SMBs are unlikely to have experienced before.
Focus on the big picture of what GDPR and DPB are trying to achieve, and not the minutiae of a document, advises Marco Dos Santos.
Unlike compliance mandates, the Center for Internet Security's Critical Security Controls enable you to easily see where holes exist in your current security armoury before you engage external expertise, says Mark Kedgley.
GDPR is built on the assumption that people are better prepared than they are, so we will fail to comply; therefore, take a risk-based approach and focus on the things that matter.
Before you start looking at GDPR you need to understand what PII data you have, where it is, who has access, who it is shared with, and ultimately, how you can best manage it according to GDPR requirements, says Julian Cook.
As organisations continue to embrace the benefits offered by diverse multi-cloud environments, it's essential that they're aware of how best to achieve both compliance and control, says Peter Galvin.
Ignoring GDPR is not an option. Richard Menear notes how history has shown us that the regulators will be looking for a few companies where they can impose a big fine to set an example for the rest of the industry.
PCI DSS compliance doesn't guarantee security, but half of PCI certified companies aren't compliant, which does indicate vulnerability to cyber-attack. "It's not a project, it's a programme - something you need to maintain."
US surveillance practices render EU-US Privacy Shield ineffective according to a recent letter from Amnesty International and Human Rights Watch.
Abeer Khedr has been the Information Security Director at National Bank of Egypt (NBE) since 2010. Since its birth in 1898 with a capital of £1 million, NBE is regarded as one of the oldest and most respected commercial banks in Egypt. SC's Ali Taherian caught up with Khedr to talk about some of the specific problems and solutions she deals with day to day.
A new report from the House of Lords maps the data protection landscape post Brexit, and offers several warnings.
Richard Whomes looks at how companies must ensure that they can access and view data across the entire IT estate, to comply with the EU GDPR.
The ICO has released its international strategy, plotting its plans for Brexit and GDPR compliance.
Gordon Morrison discusses how GDPR is a once in a lifetime opportunity to overhaul cyber processes.
A Northamptonshire games company has been fined, as an example that any, big or small, who break the rules will be dealt with accordingly, says the ICO.
The Information Commissioner's Office (ICO) has run an investigation and concluded that Morrisons intentionally sent thousands of marketing emails to its card members.
The Hong Kong electoral commission has been criticised by privacy regulators after two laptops were stolen containing the information of all of Hong Kong's voters.
British businesses are the most unprepared for GDPR compliance, according to new findings from Sophos.
Businesses in the UK are struggling to face the looming threat of cyber-attacks, with nearly a third of C-level executives admitting they don't have a response plan - or don't even know whether or not they have one.
In a room full of people selling boxes to help with GDPR compliance, SC was told there is no box that can make you GDPR compliant.
The UK data protection regulator doubled the total value of fines it issued in 2016 while enforcement notices grew by 155 percent.
The UK government is expected to ask for encryption-defeating powers in the wake of last week's deadly terrorist attack in Manchester.
The Department of Justice is asking the US Congress to pass a law which would allow it to make reciprocal agreements with foreign governments to issue warrants to seize data in other countries.
Nick Taylor discusses what GDPR mandates businesses to do and the challenges they face in complying.
A year today - May 25th 2018 - the EU's new General Data Protection Regulation (GDPR) will end its honeymoon period and be enforced - potentially harshly.