Standards News, Articles and Updates

The four issues impacting IoT security

If devices are shipped with the low-hanging fruit problems removed, security becomes a consumer requirement, which will lead hardware vendors to guarantee a baseline level of security.

74% of privacy-immature organisations hit by losses of more than £350,000

Many organisations have been investing in resources and processes to meet GDPR standards ahead of the May deadline according to Cisco's first Privacy Maturity Benchmark Study.

FIDO promotes device-based unified authentication standards

The FIDO Europe Working Group launched today with the aim of accelerating the use of FIDO authentication standards in Europe. SC Media UK spoke to Alain Martin, co-chair of the new FIDO Europe Working Group.

Surprising amout of cryptographic mistakes in IEEE standards allow IP theft

Weak cryptography in a standard developed by the IEEE could result in hackers bypassing encryption safeguards to steal intellectual property in plaintext, scientists discover.

New PCI standard lets card users self-authenticate by web or mobile

Consumers are now able to authenticate themselves with their credit and debit card issuers when buying online by using web browsers or via mobile applications using the new EMV® 3DS standard, designed to cut online card fraud.

Standarised aggregation of digital forensic data agreed across Europe

The CASE unified format for aggregating digital data from different forensic tools has been agreed at an event hosted by Europol's EC3 this week.

CRASH report: UK comes last in analysis of secure coding practises

An analysis of over one billion lines of code finds the UK ranks last for the security of its code and finds that teams of 10 do better than teams of 20 or more.

Interior Dept must update access control standards to meet NIST guidelines - report

The Inspector General has said that the U.S. Department of the Interior has to beef up its access controls if it wants to meet current standards

Russia strengthens banking system security standards

New standards and regulations to improve Russian bank responses to cyber-attacks - and help prevent insiders taking advantage of cyber-attacks to cover criminality.

Free market is failing cyber-security, blasts GCHQ chief

The government must intervene to help improve cyber-security standards within the industry, according to GCHQ director Robert Hannigan.

The applicability of ISO 27001 across industries

Dejan Kosutic says ISO 27001 is applicable not only to IT firms, but also to financial organisations, government agencies, telecoms and health organisations.

How relevant is Cyber Essentials to your business proposition?

Now starting its second year, Cyber Essentials certification is quickly becoming recognised as an invaluable kite mark and roadmap for organisations wishing to improve their cyber-security, says Chris Stanley.

Cyber-security industry needs benchmarks for access risk

Wave upon wave of data breaches are putting company IT security measures under the microscope worldwide, says Chris Sullivan.

The need for industry standards in the fight against cyber-crime

The CBEST testing framework created by the Bank of England is a positive step but it could be stronger, says Clayton Locke.

Wi-Fi hackable planes 'not a massive threat'

A warning from a US government watchdog that hackers could potentially destroy an airplane via the on-board Wi-Fi has been questioned and criticised by information security professionals and pilots alike.

How does PCI DSS 3.0 affect you?

Suspicious activity now needs to be monitored in the entire processing chain, hence implementing PCI DSS 3.0 helps stop attacks before compromises occur says Ross Brewer.

Restoring cloud confidence

Despite the recent iCloud breach, cloud security is better than its current image suggests - and if you are demanding of your supplier, it can be better still says Jamal Elmellas.

NIST to NSA: get your hands off our encryption (please)

NIST cryptographers want to be able to reject NSA guidance.

RSA 2014: In the dock - understanding a data breach trial

If you have broken no law, nor failed to comply with any agreed industry standard, are you liable for the consequential loss incurred by your clients if you suffer a data breach that causes them loss?

Why security is the next challenge for Bitcoin

Since its launch in 2009, Bitcoin has continued to dominate news headlines, for both good and bad reasons.

Europe's CERTs - share to beat cyber attacks

Europe's computer emergency response teams (CERTs) need to share attack informatio to combat the increasingly complex cyber attacks they face.

P2P encryption solution gets PCI SSC approval

European Payment Services (EPS) in Berkshire has become the first vendor to have its point-to-point encryption (P2PE) hardware certified under global security standards used to protect consumer card data.