Government plans for IOT security welcomed but also criticised as being only a set of advisories and recommendations which do not include watertight regulations around credentials and authentication.
If devices are shipped with the low-hanging fruit problems removed, security becomes a consumer requirement, which will lead hardware vendors to guarantee a baseline level of security.
There is enough information now available from the NCSC to allow organisations to start identifying the gaps in their NIS directive approach and understand the risks these pose.
Human rights activists are concerned that the Chinese government's regulation requiring that Apple host its citizen's iCloud accounts on servers in China could make it easier for that nation to track down dissenters.
SC Congress 2018: Register by 1.0 pm Wednesday 14th to get your FREE day pass on Thursday 15 February, at the ILEC Conference Centre, 47 Lillie Road, London, SW6 1UD.
Data controllers and processors are required to carefully think about the ways to effectively secure personal data and take all necessary steps in this respect to prevent possible infringements of the Regulation.
EU NIS Directive: As the implementation of the first true piece of cyber-security legislation draws near, Jalal Bouhdada discusses its potential impact on 'operators of essential services.
Ultimately, responsible handling of data is not about avoiding fines: it is about safeguarding reputation. You can put a price tag on non-compliance with the GDPR, but what price loss of shareholder and customer confidence?
Many organisations need to implement technology upgrades and end-to-end protection to assist them in meeting GDPR's data privacy requirements.
Not everything you thought you knew about GDPR is correct, and a corporate governance approach to GDPR is better than a cyber-security approach says David Froud.
Late last year SC Media UK finally met someone confident that their organisation is GDPR compliant, ready for the new regulations coming into force in May: Stephen Schmidt, CISO, Amazon Web Services (AWS).
Making use of ISO 27001 can assist an organisation to be GDPR compliant in several key areas and they can then use this certification to demonstrate a level of GDPR compliance.
The commission decided today to repeal the regulations put in place under the Obama administration, prompting criticism that the move would not only choke freedom but would compromise security and privacy.
May 2018 signals a watershed moment for data protection regulation which should be seen an opportunity for greater emphasis to be afforded to information security, and the processes that support this across organisations.
For more than a year, even as it negotiated with regulators in the US over privacy infractions, Uber hid a massive hack that resulted in cyber-thieves pilfering the personal information of 57 million customers and drivers.
As the GDPR clock ticks down to implementation, it is clear that this will not be a non-event like the Millennium Bug - it will happen and there will be dire consequences, potentially company-closures, in the event of non-compliance.
The FIDO Europe Working Group launched today with the aim of accelerating the use of FIDO authentication standards in Europe. SC Media UK spoke to Alain Martin, co-chair of the new FIDO Europe Working Group.
GDPR: It's important to put data intelligence tools in place that will allow you not only to conduct an audit of the data you have collected in the past but also address compliance in the future says Rob Perry.
SMBs in the UK with operations or supply chain in the EU need to focus their attention on GDPR and security posture; there is a level of scrutiny around data management that many SMBs are unlikely to have experienced before.
GDPR - Process change is just the beginning, but more interestingly we will see new technologies and use-cases being born and blossom that we can't yet imagine says Todd Ruback.
Ahead of GDPR, even minor breaches are now being reported, with the UK government agency, the Homes and Communities agency, notifying the ICO of a limited breach of its information security policy on Monday 9 October.
Under GDPR, organisations must notify customers and authorities of a breach within 72 hours of becoming aware of the attack. James Barrett suggests this will transform how breaches are handled, including by companies like Equifax.
GDPR is built on the assumption that people are better prepared than they are, so we will fail to comply, therefore take a risk-based approach and focus on the things that matter.
What is the basis for the ban on Kaspersky products being used by US government authorities? Is it retaliation for Russia's foreign software ban, fear of potential government pressure, intelligence on actual threats - or prejudice?
Commercial multi-user gateways may only be licensed where the supplier can demonstrate that callers can be identified following Security Minister direction to Ofcom to ensure government access to information.
Implementation of GDPR could potentially spell the end of almost one in five European businesses says Petter Nordwall, particularly if regulators come out swinging and impose maximum fines for data breaches.
Ignoring GDPR is not an option.Richard Menear notes how history has shown us that the regulators will be looking for a few companies where they can impose a big fine to set an example for the rest of the industry.
The US government's decision to ban Kaspersky Lab security software raised concerns from users over their own Kaspersky purchases and drew a sharp rebuke from the Kremlin about anti-competitive practices
Tomorrow the UK's new Data Protection Bill is to be published as part of a multi-billion pound National Cyber Security Strategy