• Home
• News
  • Business Continuity News
  • Events Diary
• Jobs
• Topics
  • BC: Facilities & Buildings
  • BC: General
  • BC: Markets & Companies
  • BC: Plan Development
  • BC: Software
  • BC: Statistics
  • BC: Testing & Exercising
  • Crisis Comms & Management
  • Critical Infrastructure Protection
  • Disaster Recovery
  • Emergency Planning
  • Enterprise Risk Management
  • Operational Risk Management
  • Pandemic Planning
  • PS Prep
  • Standards
  • Terrorism
• Sectors
  • Financial Sector
  • Health
  • Public Sector
  • Retailing
  • Small & Medium Sized Enterprises
  • Transport & Logistics
• Technology
  • Cloud Computing
  • Data Center / Centre Issues
  • ICT Continuity
  • Information Security
  • Recovery Facilities
• Newsletters
  • Subscribe
  • Manage Your Subscription
• Regional Info
  • Africa
  • Asia
  • Asia Pacific & Australasia
  • Europe (except UK)
  • Middle East
  • North America
  • South America
  • United Kingdom
• Other items
  • Advanced : Business Continuity
  • Advanced: ICT Continuity
  • Basic: Business Continuity
  • Basic: ICT Continuity
  • Business Continuity Journal
  • Directory: Consultants
  • Directory: BC Software
  • Discussion Groups
  • FAQ Service
  • Feeds
  • Looking for a Supplier
  • Search this site
  • Twitter: Business Continuity Tweets
  • Webinars

Sign up for Continuity Briefing
Never miss a news story: signup for our free weekly email newsletter.

REGIONAL PORTALS
Continuity Central currently offers three regional business continuity portals:
North America
United Kingdom
Asia Pacific / Australasia

INFORMATION SECURITY MANAGEMENT: ARTICLES

Report ‘debunks prevailing myths about distributed denial of service (DDoS) attacks’
Smaller, less intensive attacks, can wreak more damage on enterprises than large bandwidth cyber-attacks, according to a new study from Radware.
Read article
•Date: 8th February 2012 • World •Type: Article

World Economic Forum launches ‘Risk and Responsibility in a Hyperconnected World: Principles and Guidelines’
Principles aim to provide organizations with a model for organizational cyber resilience
Read article
•Date: 1st February 2012 • World •Type: Article

IBM launches new software to help organization control the influx of mobile devices to the workplace
Take control of ‘bring your own device’ threats.
Read article
•Date: 1st February 2012 • World •Type: Article

‘Cyber Security Strategies: Achieving Cyber Resilience’
New guidance document from the Information Security Forum.
Read article
•Date: 27th January 2012 • UK/World •Type: Article

PwC highlights cyber attack realities in Davos
On 25th January 2012 PwC hosted ‘a real time cyber crisis’ at the World Economic Forum.
Read article
•Date: 26th January 2012 • World •Type: Article

European Commission publishes new data protection proposals
Non-compliance penalties can be as high as 2 percent of the global annual turnover of a company.
Read article
•Date: 25th January 2012 • Europe / UK •Type: Article

SharePoint users develop insecure habits
Survey finds almost half of SharePoint users disregard the security within SharePoint, and copy sensitive or confidential documents to insecure hard drives, USB keys or even email it to a third party.
Read article
•Date: 19th January 2012 • World •Type: Article

Twenty critical controls for effective cyber defence
New guidance document from the UK Centre for the Protection of National Infrastructure.
Read article
•Date: 13th January 2012 • UK •Type: Article

2012 IT security predictions: blanket encryption or apocalypse now
2011 was the year of the third-party trust compromise, and the year of the bring your own device mobile revolution. Both of these will have their parts to play in 2012.
Read article
•Date: 1st January 2012 • Region: World •Type: Article

Industrial control systems: recommendations for improving security
Latest ENISA report describes the current situation concerning industrial control systems security and proposes seven recommendations for improving it.
Read article
•Date: 21st December 2011 • Europe/UK •Type: Article

Information security trends for 2012
Cryptzone’s predictions for the top security trends for the coming year.
Read article
•Date: 16th December 2011 • Region: World

How to detect and stop corporate espionage
The key to successfully preventing espionage is to not just focus on information security. By Michael Podszywalow, MBA, CISSP, CISM, CISA, CEH.
Read article
•Date: 2nd December 2011 • Region: World

2012 security predictions
Andy Kemshall reflects on the last twelve months and gives his forecast of the top security trends for the year ahead.
Read article
•Date: 25th November 2011 • Region: UK •Type: Article

Managing the risks of information leakage
Information leakage can slip under the conventional information security safety net: Bernardo Patrão highlights the problem and discusses techniques that help reduce the risk of damaging information leakage impacts.
Read article
•Date: 23rd November 2011 • Region: World

The DigiNotar, Comodo and RSA breaches: what have we learned?
Enterprises need to move past the shock and begin formulating their own compromise recovery and business continuity plans.
Read article
•Date: 23rd November 2011 • Region: World

New NIST tool helps organizations meet HIPAA requirements
Free HIPAA Security Rule Toolkit is intended to be a resource that covered entities can use to support their risk assessment processes.
Read article
•Date: 23rd November 2011 • Region: US

Security trends for 2012
User-centric attacks, hyperconnected social engineering, shoulder surfing, USB jacking and Cloud confusion are among the threats to watch.
Read article
•Date: 17th November 2011 • Region: World •Type: Article

New ISO/IEC technical report provides information security control guidelines
A new ISO/IEC technical report (TR) providing technical controls and compliance guidelines for auditors can improve the effectiveness of an organization’s information security system, says ISO.
Read article
•Date: 9th November 2011 • Region: World •Type: Article

14th Annual Global Information Security Survey: Companies rush to adopt new technologies leaving security threats as an after-thought
72 percent of companies see increasing level of risk due to external threats, yet only 12 percent discuss security issues in their regular board meetings.
Read article
•Date: 2nd November 2011 • Region: World •Type: Article

NIST releases update to smart grid roadmap
Includes a Risk Management Framework to provide guidance on security practices.
Read article
•Date: 28th October 2011 • Region: US/World •Type: Article

Information Security Governance – raising the game
Outlines how adopting a governance-style approach can lift security out of its technical ‘comfort zone’ and into a wider business context.
Read article
•Date: 26th October 2011 • Region: World •Type: Article

Majority of US small businesses ‘suffer from false sense of cyber security’: survey
The majority of small business owners believe that Internet security is critical to their success and that their companies are safe from cyber security threats: but most fail to take fundamental precautions.
Read article
•Date: 25th October 2011 • Region: US

The Duqu virus explored
Highly targeted threat follows in Stuxnet’s footsteps.
Read article
•Date: 21st October 2011 • Region: World •Type: Article

ISO officially launches ISO/IEC 27035:2011
New standard entitled ‘Information technology – Security techniques – Information security incident management.’
Read article
•Date: 21st October 2011 • Region: World •Type: Article

Certificate management explored
Calum MacLeod highlights twelve classic mistakes which can result in certificate-related downtime and IT security breaches.
Read article
•Date: 20th October 2011 • Region: World •Type: Article

Zero-day threats may be exaggerated
Microsoft Security Intelligence Report says that less than one percent of exploits in the first half of 2011 were against zero-day vulnerabilities.
Read article
•Date: 13th October 2011 • Region: World •Type: Article

Cyber threats forecast for 2012
Georgia Tech report highlights the security issues which are expected to cause the most problems to organizations in 2012.
Read article
•Date: 12th October 2011 • Region: World •Type: Article

US public/private leaders collaborate on ways to fight botnets
A voluntary industry code of conduct to address the detection and mitigation of botnets is needed.
Read article
•Date: 5th October 2011 • Region: US •Type: Article

Smartphones and enterprise security
Smartphones raise key security issues, which many organizations have yet to address.
Read article
•Date: 30th Sept 2011 • Region: World •Type: Article

2011 is the ‘Year of the Security Breach’ according to IBM X-Force report
The percentage of critical vulnerabilities has tripled in 2011.
Read article
•Date: 30th September 2011 • Region: World •Type: Article

‘An Anatomy of a SQL Injection Attack’
How hackers are innovating SQLi attacks to bypass security controls as well as increase potency.
Read article
•Date: 23rd September 2011 • Region: World •Type: Article

Social engineering risks explored
Check Point survey reveals nearly half of enterprises are victims of social engineering.
Read article
•Date: 22nd September 2011 • Region: UK/World •Type: Article

Understanding the correlation between data leakage and the security mission
In many apparently very secure organizations, data leakage enabled by advanced evasion techniques is a potential disaster just waiting to happen. By Professor John Walker.
Read article
•Date: 21st Sept 2011 • Region: World •Type: Article

New from NIST: Guide for Conducting Risk Assessments
Comprehensive information risk assessment guidance published; open for public comments through to November 4.
Read article
•Date: 21st September 2011 • Region: US •Type: Article

The dawn of the cyber savvy CEO
It’s time for leaders to get to grips with cyber threats, says PwC.
Read article
•Date: 16th September 2011 • Region: UK/World •Type: Article

Companies ignore e-crime insurance despite growing risk
Just over a quarter of UK organizations have taken out insurance against interruption of business by hackers, according to a KPMG survey.
Read article
•Date: 7th September 2011 • Region: UK •Type: Article

Cybercrime rises up the boardroom agenda
High profile corporate cybercrime is putting information security on boardroom agendas around the world, a global survey has revealed.
Read article
•Date: 19th August 2011 • Region: World •Type: Article

Emerging mobile culture threatening UK businesses
Workplace systems over-run by unsecure devices; widespread failure to comply with security measures.
Read article
•Date: 5th August 2011 • Region: UK •Type: Article

HP publishes ‘Second Annual Cost of Cyber Crime Study’
56 percent rise in cost of cybercrime; average cost to a large organization is $5.9 million per year.
Read article
•Date: 5th August 2011 • Region: World •Type: Article

EU cyber-security agency flags urgent security fixes for new web standards/HTML5
ENISA has identified 50 security threats and proposed how they should be addressed.
Read article
•Date: 3rd August 2011 • Region: World •Type: Article

US-CERT issues ‘Security Recommendations to Prevent Cyber Intrusions’
Technical Cyber Security Alert issued in response to growing number of high-profile incidents.
Read article
•Date: 22nd July 2011 • Region: US/World •Type: Article

Hacktivism and the lessons learned from LulzSec
What can be done to prevent future cyber disasters? By Rob Rachwald and Noa Bar Yosef.
Read article
•Date: 13th July 2011 • Region: World •Type: Article

The mobile security conundrum
As the lines between portable computers and mobile devices become blurred organizations need to act to address security vulnerabilities which could lead to data breaches and downtime. By Andy Cordial.
Read article
•Date: 29th June 2011 • Region: UK/World •Type: Article

Mobile security reaching a tipping point for organizations
Various significant security breaches that have occurred in 2011 have dramatically highlighted the link between information security and business continuity. In this article Rob Rachwald discusses an issue which is adding fuel to the fire: the growing security threat posed by mobile devices.
Read article
•Date: 16th June 2011 • Region: World •Type: Article

US Commerce Department proposes new policy framework to help protect companies where the Internet is business-critical
Aimed at businesses that rely on the Internet but which are not part of the critical infrastructure sector.
Read article
•Date: 15th June 2011 • Region: US •Type: Article

A growing threat to corporate networks: employee-owned devices
Over half of large UK businesses allow the use of employee-owned devices; but many of these are insecure and unmanaged.
Read article
•Date: 14th June 2011 • Region: UK •Type: Article

How employees’ holiday technology risks impact corporate networks
Survey reveals that over a quarter of respondents planning a trip abroad in 2011 admitted they would connect their devices to any available PC. And more than half confessed to inserting the same gadgets into their work PCs.
Read article
•Date: 3rd June 2011 • Region: UK •Type: Article

Organizations worldwide not keeping up with new security threats
73 percent of network devices analysed carry at least one known security vulnerability.
Read article
•Date: 25th May 2011 • Region: World •Type: Article

Cyber-attacks, Black Swans and business continuity management
Don’t plan for specific incidents: instead businesses need to have the right capabilities, which means training people in appropriate crisis skills. By Jim Preen.
Read article
•Date: 6th May 2011 • Region: World •Type: Article

Alarming rise in information security attacks against industrial control systems
Idappcom warns that this could be an indicator of a new attack trend.
Read article
•Date: 29th April 2011 • Region: World •Type: Article

PlayStation Network: will this be the largest online corporate disaster ever?
The crisis at Sony’s PlayStation Network has moved on from being an availability incident to a full scale corporate disaster.
Read article
•Date: 27th April 2011 • Region: World •Type: Article

ENISA issues final report on Cyber Europe 2010
Summary of lessons learned during the first pan-European cyber security exercise.
Read article
•Date: 20th April 2011 • Region: Europe / UK •Type: Article

The rise of APT
Defining Advanced Persistent Threats, by Amichai Shulman, CTO of Imperva.
Read article
•Date: 19th April 2011 • Region: World •Type: Article

Maturity model for information security management released
Enables the creation of information security management systems that are fully aligned with any organization's business mission and compliance needs.
Read article
•Date: 12th April 2011 • Region: World •Type: Article

European Commission reviews Member States' protection against cyber attacks
Report published to take stock of progress made in implementing the EU-wide 2009 action plan.
Read article
•Date: 5th April 2011 • Region: UK/Europe •Type: Article

Beware the ‘vanity attack’
Attackers are targeting individuals to gain access to corporate networks. Mickey Boodaei explains the process.
Read article
•Date: 25th March 2011 • Region: World •Type: Article

RSA breach: what are the risks?
RSA has announced that it has been the victim of an ‘extremely sophisticated’ hack which managed to breach its security. This page provides an update on the situation and various attempts at analysis of the risks the incident may pose to RSA users.
Read article
•Date: 22nd March 2011 • Region: World •Type: Article

Information Security Forum points to ‘disappearing network boundary’ as quarter of a million Google Android phones are hacked
Organizations need to start building a security model which does not rely on the network for protection.
Read article
•Date: 11th March 2011 • Region: World •Type: Article

Smartphones and enterprise systems: don’t let convenience override security considerations
Use your smartphone to log into cloud and secure systems at your peril says Lieberman Software CEO.
Read article
•Date: 3rd March 2011 • Region: US/World •Type: Article

New NIST publication offers advice on integrating information security risk planning into mission-critical functions
‘Managing Information Security Risk: Organization, Mission, and Information System View.’
Read article
•Date: 3rd March 2011 • Region: US/World •Type: Article

EU cyber security agency warns of risks associated with new types of cookies
New generation of cookies raise online security concerns.
Read article
•Date: 22nd Feb 2011 • Region: Europe •Type: Article

Information security from a business perspective
It’s time to stop seeing information security as simply a technical issue. By Christos K. Dimitriadis, Ph.D., CISA, CISM.
Read article
•Date:8th Feb 2011 • Region: World •Type: Article

New guide to cyber security incident management
The European Network and Information Security Agency has issued a guide on good practice, practical information and guidelines for the management of network and information security incidents by CERTs.
Read article
•Date: 21st Jan 2011 • Region: Europe / UK •Type: Article

OECD report provides a comprehensive analysis of the risks and impact of cyberattacks
Written by Peter Sommer and Ian Brown, the report is a contribution to the OECD project ‘Future Global Shocks’.
Read article
•Date: 18th Jan 2011 • Region: World •Type: Article

Weaponised malware - how criminals could use digital certificates to cripple organizations
In many companies digital certificates are an unquantified and unmanaged risk, says Jeff Hudson.
Read article
•Date: 14th Jan 2011 • Region: UK/World •Type: Article

New NIST publications provide recommendations for managing information security as a key component of mission-critical functions
Guidelines recommend an organization-wide IT security risk management approach.
Read article
•Date: 11th Jan 2011 • Region: US •Type: Article

A taxonomy of operational cyber security risks
CERT has published a technical note that attempts to identify and organize the sources of operational cyber security risk.
Read article
•Date: 4th Jan 2011 • Region: US/World •Type: Article

EU’s cyber-security agency highlights smartphone risks
A new ENISA report identifies the top security risks and opportunities of smartphone use and gives practical security advice for businesses, governments and consumers.
Read article
•Date: 14th Dec 2010 • Region: UK/Europe/World •Type: Article

US Financial Services Sector Coordinating Council signs cybersecurity research agreement with NIST, DHS
Will explore the benefits of new cybersecurity technologies and develop new processes that benefit critical financial services functions.
Read article
•Date: 10th Dec 2010 • Region: US •Type: Article

PwC comments on cyber attacks to defend WikiLeaks
“This is the first widespread fight on the Internet against repression and control.”
Read article
•Date: 10th Dec 2010 • Region: World •Type: Article

Securing privileged identities: a critical area of cloud security
As a cloud infrastructure grows, so too does the presence of unsecured privileged identities. By Phil Lieberman.
Read article
•Date: 8th Dec 2010 • Region: UK/World •Type: Article

Public and private sectors must partner on cyber security to prevent a “cyber 9/11”
Stuxnet a warning that must be acted upon, says US Homeland Security and Governmental Affairs Committee.
Read article
•Date: 19th Nov 2010 • Region: US •Type: Article

Unisys security predictions for 2011
Business continuity planning investment will grow as a defense/defence against cyber attacks.
Read article
•Date: 19th Nov 2010 • Region: US/World •Type: Article

Cybersecurity best practices and policy issues discussed at November ANSI Caucus
Continued public-private sector cooperation is critical to developing a reliable, resilient, and trusted digital infrastructure.
Read article
•Date: 18th Nov 2010 • Region: US •Type: Article

Top ten security trends for 2011
Imperva has provided its predictions for the top ten security trends for 2011.
Read article
•Date: 16th Nov 2010 • Region: US/World •Type: Article

New NIST guidance on managing WiMAX network risks
Special Publication 800-127.
Read article
•Date: 10th Nov 2010 • Region: US •Type: Article

13th annual Ernst & Young Global Information Security Survey
Emerging technology trends increase risks of protecting corporate information.
Read article
•Date: 4th Nov 2010 • Region: World •Type: Article

Security professionals are missing key information risks
Citicus is warning that financial organizations are neglecting key risks to their information systems by focusing too narrowly on technical data security controls.
Read article
•Date: 28th Oct 2010 • Region: World •Type: Article

Cyber threats to economic welfare do not stop at the public sector
UK businesses should take heed of the government’s actions in providing extra funding for cyber security which has been highlighted as a Tier 1 (most serious) threat to UK infrastructure.
Read article
•Date: 22nd Oct 2010 • Region: UK •Type: Article

Cyberwars : a real and present danger
Businesses at risk from collateral and intentional damage.
Read article
•Date: 15th Oct 2010 • Region: US/World •Type: Article

Lost in translation
Tackling the risk of security breaches in companies is being undermined by a potentially damaging breakdown in communication between the information security function, IT and the rest of the business, new joint research by PwC and (ISC)² reveals.
Read article
•Date: 15th Oct 2010 • Region: World •Type: Article

If your head’s in the cloud, keep your feet on the ground
Cloud models and their associated risks. By Ruvi Kitov.
Read article
•Date: 13th Oct 2010 • Region: World •Type: Article

Awareness of the risks of poor information management and records keeping is rising: AIIM survey
However, a third of organizations still have no systems in place to manage and record their electronic documents.
Read article
•Date: 13th Oct 2010 • Region: World •Type: Article

Cyber threats forecast for 2011
The Georgia Tech Information Security Center has announced the release of the GTISC Emerging Cyber Threats Report for 2011.
Read article
•Date: 8th Oct 2010 • Region: World •Type: Article

Stuxnet is a malware paradigm shift: EU cyber security agency
Europe should reconsider its protection measures for critical information infrastructure protection in the light of Stuxnet.
Read article
•Date: 8th Oct 2010 • Region: Europe •Type: Article

State of the Internet 2010: A Report on the Ever-Changing Threat Landscape
CA Technologies report shows the rise of ‘Crimeware-as-a-Service’.
Read article
•Date: 6th October 2010 • Region: World •Type: Article

Centre for the Protection of National Infrastructure issues Stuxnet guidance
The Stuxnet attacks confirm earlier warnings of the vulnerabilities from merging engineering domains with previously separate business networks.
Read article
•Date: 5th October 2010 • Region: UK •Type: Article

Commission to boost Europe's defences against cyber-attacks
Two new measures announced.
Read article
•Date: 1st October 2010 • Region: Europe •Type: Article

Cyber Storm III completed
Participants from the US, Australia, Canada, France, Germany, Hungary, Italy, Japan, the Netherlands, New Zealand, Sweden, Switzerland, and the United Kingdom have taken part in a comprehensive cyber-incident exercise.
Read article
•Date: 1st October 2010 • Region: Various •Type: Article

New research improves ability to detect malware in cloud computing systems
North Carolina State University software addresses one of cloud computing's weak links: hypervisor integrity.
Read article
•Date: 22nd Sept 2010 • Region: US/World •Type: Article

UK out of step with the rest of the world when it comes to planned spending on information security
And business impacts of IS breaches increasing: according to 2011 PwC Global State of Information Security Survey.
Read article
•Date: 16th Sept 2010 • Region: UK •Type: Article

The buck stops here: why the CEO is responsible for everything
Ray Bryant explains why the big chair in most organizations can carry a lot more responsibility than you might think...
Read article
•Date: 9th Sept 2010 • Region: World •Type: Article

Information security starts before software purchase
CPNI has published a list of questions that procurement teams, business risk managers and information security professionals should be asking vendors to help prevent software related downtime.
Read article
•Date: 3rd Sept 2010 • Region: UK/World •Type: Article

Misconfigured networks are the main cause of breaches
According to Tufin Technologies’ annual ‘Hacking Habits’ survey.
Read article
•Date: 1st Sept 2010 • Region: World •Type: Article

Global security threats have reached record levels
IBM X-Force report reveals 36 percent rise in vulnerability disclosures for first half of 2010.
Read article
•Date: 26th August 2010 • Region: World •Type: Article

DEF CON survey looks into cloud hacking
Hackers see the cloud as full of opportunities.
Read article
•Date: 26th August 2010 • Region: World •Type: Article

GAO report finds that US public-private cybersecurity coordination is still lacking
‘Critical Infrastructure Protection: Key Private and Public Cyber Expectations Need to Be Consistently Addressed.’
Read article
•Date: 18th August 2010 • Region: US •Type: Article

The top five undiscovered vulnerabilities most commonly found on enterprise networks
At least 84 percent of enterprises lack network visibility into frequently exploited but easily remedied vulnerabilities, says Lumeta.
Read article
•Date: 4th August 2010 • Region: World •Type: Article

Cloud Security Alliance launches ‘Certificate of Cloud Security Knowledge’
Aimed at promoting secure cloud computing.
Read article
•Date: 28th July 2010 • Region: World •Type: Article

NIST publishes draft cloud computing and virtualization security guidance
Comment period runs until August 13th.
Read article
•Date: 22nd July 2010 • Region: US •Type: Article

UK Centre for the Protection of National Infrastructure publishes guide to managing online social networking risks
‘Online social networking - a good practice guide.’
Read article
•Date: 20th July 2010 • Region: UK/World •Type: Article

Winners of US National Cybersecurity Awareness Challenge announced
The Challenge, announced in March, received more than 80 proposals.
Read article
•Date: 16th July 2010 • Region: US •Type: Article

Updated computer security NIST guidelines focus on security assessment plans
Revised Guide for Assessing Security Controls in Federal Information Systems and Organizations.
Read article
•Date: 8th July 2010 • Region: US •Type: Article

‘Security awareness: Turning your people into your first line of defence’
Many companies over-confident about business continuity plans, according to Marsh survey.
Read article
•Date: 18th June 2010 • Region: World •Type: Article

A tale of two hacks
What every business continuity manager should know about advanced persistent threats and industrialized hacking.
Read article
•Date: 17th June 2010 • Region: World •Type: Article

Using new UK ICO powers as a force for change
Now is a good opportunity to focus executive management on fixing data protection holes in your organization, says Dave Tripier.
Read article
•Date: 16th June 2010 • Region: UK •Type: Article

Deloitte 2010 security survey: financial institutions making identity and access management tools their top priority
Security practices of financial institutions evolve.
Read article
•Date: 11th June 2010 • Region: World •Type: Article •Topic: Financial sector BC

Digital copiers and information security
Many organizations are unaware of the information security risks associated with copiers, fax machines and large volume printers. By Dr. Jim Kennedy.
Read article
•Date: 2nd June 2010 • Region: US/World •Type: Article

New computer security threat warning
Researchers predict new threat for wireless networks: Typhoid adware.
Read article
•Date: 25th May 2010 • Region: US/World •Type: Article

‘Security for Cloud Computing Users’: survey results
US organizations are more likely to deploy business-critical applications in the cloud than their European counterparts.
Read article
•Date: 19th May 2010 • Region: US/Europe •Type: Article

Cloud security study
IT unaware of all cloud services used in their enterprise; less than half of cloud services are vetted for security.
Read article
•Date: 13th May 2010 • Region: US •Type: Article

New study looks into network resilience of 30 European countries
Key security actors, strategies, and good practices in Europe mapped by ENISA.
Read article
•Date: 12th May 2010 • Region: UK/Europe •Type: Article

When it comes to information security many employees are ‘the enemy within’
Survey finds that many employees are generally imprudent and ambivalent when it comes to their company's overall security health.
Read article
•Date: 11th May 2010 • Region: World •Type: Article

UK IT departments losing the social media security ‘power struggle’
More than half of IT decision makers in the UK see the security threat of staff use of social media as their biggest concern, according to new research by LANDesk Software.
Read article
•Date: 6th May 2010 • Region: UK/World •Type: Article

2010 Information Security Breaches Survey results
New wave of security breaches hitting UK businesses.
Read article
•Date: 29th April 2010 • Region: UK •Type: Article

Priorities identified for future EU research into IT security
The EU’s cyber security Agency ENISA has published a new report concluding that the EU should focus its future IT security research on five areas.
Read article
•Date: 29th April 2010 • Region: UK/Europe •Type: Article

Data protection a critical business issue and not just a technology concern: but perception of data security at odds with reality
Accenture study finds gaps between business strategy, risk management, compliance reporting and IT security.
Read article
•Date: 28th April 2010 • Region: World •Type: Article

North Carolina State University research offers ‘key to resolving virtualization and cloud computing hypervisor security issues’
New ‘HyperSafe’ solution, leverages existing hardware features to secure hypervisors.
Read article
•Date: 28th April 2010 • Region: US/World •Type: Article

‘The Financial Management of Cyber Risk: An Implementation Framework for CFOs'
New guidance from the Internet Security Alliance and the American National Standards Institute.
Read article
•Date: 27th April 2010 • Region: US •Type: Article

Fast pace of change in technology use is leaving businesses at risk
Cloud computing and social networking leave UK businesses highly exposed to cyber attacks, according to the 2010 Information Security Breaches Survey.
Read article
•Date: 22nd April 2010 • Region: UK/World •Type: Article

‘Growing sophistication of cyber attacks pose greatest risk to US infrastructure’: Clarus Research Group survey
Federal IT personnel believe that the possibility is ‘high’ for a cyber attack by a foreign nation in the next year.
Read article
•Date: 9th April 2010 • Region: US •Type: Article

‘Shadows In The Cloud: Investigating Cyber Espionage 2.0’
A joint report by The Information Warfare Monitor and the Shadowserver Foundation has highlighted how the public cloud is being utilised by advanced hackers.
Read article
•Date: 7th April 2010 • Region: N.America/World •Type: Article

Western organizations are ignoring iPhone security risks
Corporate network security can potentially be bypassed through iPhone use, says DeviceLock.
Read article
•Date: 30th March 2010 • Region: World •Type: Article

Council of Europe call for worldwide implementation of the Budapest Convention on cybercrime
At its recent 5th annual conference on cybercrime, the Council of Europe called for the worldwide implementation of its Convention on Cybercrime.
Read article
•Date: 26th March 2010 • Region: W.Europe •Type: Article

ISO and IEC publish new information security management systems standard
‘ISO/IEC 27003:2010, Information technology – Security techniques – Information security management system implementation guidance.’
Read article
•Date: 22nd March 2010 • Region: World •Type: Article

Will virtualization and cloud computing change how we achieve security?
By Gert Hansen, chief software architect, Astaro.
Read article
•Date: 12th March 2010 • Region: World •Type: Article

Symantec 2010 State of Enterprise Security Study
75 percent of organizations have suffered a cyber attack losing an average of $2 million annually.
Read article
•Date: 10th March 2010 • Region: World •Type: Article

The Cloud Security Challenge
The Global Security Challenge has launched a competition to discover innovative new solutions to help protect governments and enterprises as they adopt the cloud.
Read article
•Date: 4th March 2010 • Region: World •Type: Article

NIST releases ‘Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach’
Final version now available.
Read article
•Date: 4th March 2010 • Region: US •Type: Article

Top cloud security threats identified in new research report
Report published by the Cloud Security Alliance and HP.
Read article
•Date: 2nd March 2010 • Region: World •Type: Article

Document-related threats rising dramatically: IBM X-Force report
Attackers target profitable and easily executable vulnerabilities in Web browsers and document readers.
Read article
•Date: 26th Feb 2010 • Region: World •Type: Article

Fuzzing: helping to avoid zero-day attacks
What is fuzzing? Ari Takanen explains.
Read article
•Date: 23rd Feb 2010 • Region: World •Type: Article

Mobile security – the time has come for action
Advances in mobile device technology are running ahead of changes to corporate defences. By Sean Glynn.
Read article
•Date: 12th Feb 2010 • Region: UK/World •Type: Article

Cyber-war is here and the enterprise is on the frontlines
Critical infrastructure more than twice as likely to be targeted in cyber-attacks, according to ScanSafe Annual Global Threat Report.
Read article
•Date: 12th Feb 2010 • Region: World •Type: Article

IT security 2010
Stonesoft warns of heightened risk.
Read article
•Date: 5th Feb 2010 • Region: World •Type: Article

NIST issues expanded draft of Smart Grid Cyber Security Strategy
Draft for public review and comment; includes more detailed technical inputs.
Read article
•Date: 4th Feb 2010 • Region: US •Type: Article

APRA releases guidance on the management of security risk in information and information technology
Aims to target areas where APRA’s ongoing supervisory activities continue to identify weaknesses.
Read article
•Date: 3rd Feb 2010 • Region: Australia •Type: Article

UK Security Breach Investigations Report 2010 published
A report summarising analysis of data compromise cases has been released by Computer Security and Forensics consulting firm 7Safe and the University of Bedfordshire. Anonymised data has been analysed from over 60 computer forensic investigations undertaken by 7Safe. Entitled ‘The UK Security Breach Investigations Report’, it is available from www.7Safe.com/breach_report
•Date: 3rd Feb 2010 • Region: UK •Type: Briefing

Cloud computing changing the risk landscape
However, little or no consideration has gone into evaluating and mitigating the risks.
Read article
•Date: 26th Jan 2010 • Region: UK •Type: Article

Fifth annual Worldwide Infrastructure Security Report
Finds service and application-layer attacks replace large scale botnet-enabled attacks as top operational threat.
Read article
•Date: 21st Jan 2010 • Region: World •Type: Article

How to advertise on Continuity Central.

To submit news stories to Continuity Central, e-mail the editor.