WELCOME TO THE CONTINUITY CENTRAL ARCHIVE SITE

Please note that this is a page from a previous version of Continuity Central and is no longer being updated.



The Continuity Central Archive

On 20th April 2015 a redesign of Continuity Central went live. On that site all content added to Continuity Central since 1st January 2015 is available.


You are welcome to continue browsing this archive, but please note that no new content is being added to it. For fresh content visit the new site.

INFORMATION SECURITY MANAGEMENT: ARTICLES

NIST publishes guidance on supply chain risk management practices
NIST has announced the release of NIST SP 800-161, Supply Chain Risk Management Practices for Federal Information Systems and Organizations.
Read article
•Date: 14th April 2015 • US •Type: Article

What are nation state information security attacks really telling us?
A change is necessary in the mind-set about how we protect IT to an approach that sees attacks as a part of doing business.
Read article
•Date: 8th April 2015 • World •Type: Article

Many organizations still vulnerable to Heartbleed
Venafi has published new research reevaluating the risk of attacks that exploit incomplete Heartbleed remediation in Global 2000 organizations.
Read article
•Date: 8th April 2015 • World •Type: Article

FFIEC issues cyber attacks advice
The US Federal Financial Institutions Examination Council (FFIEC) has released two statements about ways that financial institutions can identify and mitigate cyber attacks that compromise user credentials or use destructive software (malware).
Read article
•Date: 7th April 2015 • US •Type: Article

DDoS attacks increasing as a business continuity threat to EMEA organizations
Survey shows more than a third of multiple DDoS attacks affected impacted businesses for more than 24 hours.
Read article
•Date: 1st April 2015 • Various •Type: Article

Organizations fear the Cryptoapocalypse
A Ponemon Institute and Venafi survey report has found that the information security incident that organizations are most concerned about is a ‘Cryptoapocalypse-like event’: a scenario where the standard algorithms of trust, such as RSA and SHA, are compromised and exploited overnight.
Read article
•Date: 31st March 2015 • Various •Type: Article

Boards must up their game before the hackers claim checkmate
The connected world is under siege and current security solutions and approaches are outdated and inadequate: it’s time for organizational boards to recognise this and take action.
Read article
•Date: 30th March 2015 • UK/World •Type: Article

Why security need not stifle agility
Many CIOs are struggling to realise the full benefits of their increasingly virtualized IT estates, largely due to the strains of staying secure. But Reuven Harrison says it doesn’t have to be this way...
Read article
•Date: 30th March 2015 • World •Type: Article

ASIC issues major cyber resilience report
The Australian Securities and Investments Commission has published 'Cyber resilience: Health Check (REP 429)' to help its regulated population improve cyber resilience.
Read article
•Date: 24th March 2015 • Australia •Type: Article

Survey highlights DDoS impacts
Revenue and reputation losses are the most damaging consequences of a DDoS attack.
Read article
•Date: 20th March 2015 • World •Type: Article

Survey finds that good information security is a positive business benefit
Research shows that businesses investing in cyber security experience faster growth.
Read article
•Date: 18th March 2015 • UK/Europe •Type: Article

Apple and Microsoft issue FREAK fixes
FREAK update amongst a number of critical updates; organizations using Windows, Office, Exchange and/or IE will find themselves in a very busy patching month.
Read article
•Date: 12th March 2015 • World •Type: Article

Don’t panic! Six steps for surviving your first data breach
Getting breached doesn’t establish whether or not you have a decent security program in place: but how you respond to a security breach does.
Read article
•Date: 6th March 2015 • World •Type: Article

Social messaging and file-sharing content is left unmanaged in a third of firms: AIIM study
Lack of information governance for digital channels increases the risk of a data breach and reputational damage.
Read article
•Date: 6th March 2015 • World •Type: Article

Organizations still leaving security gaps unfilled
IT professionals believe their organizations aren't doing enough to protect critical data and systems, according to a survey commissioned by Sungard Availability Services.
Read article
•Date: 4th March 2015 • US/World •Type: Article

Information security management is changing: Gartner
The focus of information security management is moving from blocking and detecting attacks, to detecting and responding to attacks.
Read article
•Date: 25th February 2015 • World •Type: Article

The 2015 Cyber Risk Report
New HP report looks at the security threat landscape.
Read article
•Date: 24th February 2015 • World •Type: Article

Endpoint Protection: Attitudes and Trends 2015
Bromium, Inc., has published the results of a survey of more than 100 information security practitioners focused on the greatest challenges and risks facing their organizations today.
Read article
•Date: 23rd February 2015 • World •Type: Article

Bank cyber-attacks highlight the need for ‘war games’
Playing war games is one effective way of highlighting potential weak spots, says KPMG.
Read article
•Date: 19th February 2015 • UK/World •Type: Article

The limits of prevention-centric information security programs highlighted
Damballa Q4 2014 State of Infections Report underlines the importance of adopting a proactive stance to threat detection.
Read article
•Date: 16th February 2015 • US/World •Type: Article

NIST Industrial Control Systems Security Guide update published for final public review
The US National Institute of Standards and Technology (NIST) has issued proposed updates to its Guide to Industrial Control Systems (ICS) Security (NIST Special Publication 800-82) for final public review and comment.
Read article
•Date: 11th February 2015 • US •Type: Article

How much could a DDoS attack cost your business?
A Kaspersky Lab survey report has quantified the average cost of DDoS attacks on organizations.
Read article
•Date: 4th February 2015 • World •Type: Article

Seven things you need to know about the ‘GHOST’ vulnerability
GHOST could potentially allow an attacker to take over the control of an entire Linux system: Szilard Stange provides more details and lists actions that organizations can take to protect their systems.
Read article
•Date: 30th January 2015 • World •Type: Article

The 10th Annual Worldwide Infrastructure Security Report
Distributed denial-of-service (DDoS) is now a very serious threat to business continuity says Arbor Networks report.
Read article
•Date: 29th January 2015 • World •Type: Article

Information security: why we should talk about incident response
A recent study found that for over 90 percent of information security incidents, the time from incident discovery to remediation was one hour or longer. Is this good enough?
Read article
•Date: 27th January 2015 • US/World •Type: Article

President Obama proposes ‘Enabling Cybersecurity Information Sharing’ legislation
President Obama has made an updated proposal to introduce legislation to require US organizations to share information about cyber attacks.
Read article
•Date: 14th January 2015 • US •Type: Article

IBM study: number of cyber attacks on retailers drops by half in 2014 compared to 2012
However the severity of individual attacks increased.
Read article
•Date: 8th January 2015 • US/World •Type: Article

Cybersecurity predictions for 2015
Proofpoint looks at how information security threats are likely to evolve during the coming year.
Read article
•Date: 2nd January 2015 • World •Type: Article

If you doubted that information security was a business continuity issue consider a four letter word: Sony
The Sony attack shows how important it is for business continuity managers to get involved in information security.
Read article
•Date: 22nd December 2014 • World •Type: Article

What can you do to make sure your organization is not the next Sony?
WatchGuard Technologies urges action, not panic.
Read article
•Date: 22nd December 2014 • US/World •Type: Article

2015 cyber risk and data protection predictions
EY has outlined some of the key areas that cyber risks threaten to impact in the coming year.
Read article
•Date: 17th December 2014 • World •Type: Article

Shaping mobile security
Keith Bird shows how a new approach to mobile security can help organizations achieve the right balance of protection, mobility and productivity.
Read article
•Date: 16th December 2014 • World •Type: Article

Security predictions for 2015
New challenges and risk mitigation drive changes to IT security.
Read article
•Date: 12th December 2014 • UK/World •Type: Article

British companies at risk of becoming cyber-dominoes
This is the key finding from Radware’s ‘Global application and security report’.
Read article
•Date: 10th December 2014 • World •Type: Article

Badly managed access rights put critical data at risk
Employees with needlessly excessive data access privileges represent a growing risk for organizations due to both accidental and conscious exposure of sensitive or critical data.
Read article
•Date: 10th December 2014 • Various •Type: Article

Blind faith in security standards could create cyber vulnerabilities
Relying on standards and IT audits often leads to 'checklist syndrome', with the security strategy failing to address the wider business risks, even though the demands of the standard were met on paper, says Seth Berman.
Read article
•Date: 4th December 2014 • World •Type: Article

UK businesses ‘sleepwalking into reputational time bomb’: BSI
Lack of awareness on how to protect data assets is leaving businesses exposed.
Read article
•Date: 2nd December 2014 • UK •Type: Article

Four questions to consider when building a security platform
Useful advice from Steve Salinas.
Read article
•Date: 1st December 2014 • World •Type: Article

SolarWinds survey points to a false sense of security in UK organizations
A lack of widespread adherence to best practices, combined with the number of organizations that have suffered a significant cyber attack, potentially indicates a false sense of security.
Read article
•Date: 26th November 2014 • World •Type: Article

You can't always stop a breach: but you should always be able to spot one
December 15th is the anniversary of the day Target's infamous security breach was discovered; but has anything really changed in the year that has gone by? Retailer after retailer is still falling foul of the same form of malware attack. So just what is going wrong?
Read article
•Date: 25th November 2014 • World •Type: Article

Despite the hype ‘encrypted’ does not equal ‘safe’
A Blue Coat survey reveals the security risks hiding in encrypted web traffic.
Read article
•Date: 19th November 2014 • World •Type: Article

Defending the firewall
Despite claims of its demise, the firewall is still the foundation stone of security deployments says Keith Bird.
Read article
•Date: 14th November 2014 • UK/World •Type: Article

What you need to know about ‘WinShock’
Yet again the information security world is buzzing with the news of another serious vulnerability, this time in all versions of Microsoft Windows.
Read article
•Date: 13th November 2014 • World •Type: Article

Less than half of critical business data in UK organizations is secure: survey
Senior executives within UK businesses say that critical data is not being protected, a new report from NTT Com Security shows.
Read article
•Date: 13th November 2014 • UK •Type: Article

University of Maryland experts discover lapses in Heartbleed bug fix
A detailed analysis by cybersecurity experts from the University of Maryland found that website administrators tasked with patching security holes exploited by the Heartbleed bug may not have done enough.
Read article
•Date: 10th November 2014 • US/World •Type: Article

FFIEC releases cybersecurity assessment observations
Assessment evaluated institutions’ preparedness to mitigate cybersecurity risks.
Read article
•Date: 10th November 2014 • US •Type: Article

ISM: ‘detect and respond’ is no silver bullet
Solutions to complex problems often require organizational changes: yet this critical element is often either ignored or seems impossible to implement.
Read article
•Date: 4th November 2014 • World •Type: Article

Many organizations are still unprepared for cyber attacks
Annual global EY survey finds that 37 percent of organizations have no real-time insight on cyber risks.
Read article
•Date: 3rd November 2014 • World •Type: Article

Have we learnt from our Heartbleed mistakes?
David Sandin looks at whether we have heeded the lessons of the Heartbleed bug, the implications of Shellshock and the future security of open-source coding.
Read article
•Date: 30th October 2014 • World •Type: Article

Majority of IT security professionals are ‘naïve’ when it comes to perimeter security
Many organizations are completely ill-equipped to deal with today’s advanced attacks, according to a Lieberman Software survey.
Read article
•Date: 28th October 2014 • World •Type: Article

Lack of IT policies on devices putting companies at risk
New research from Kroll Ontrack reveals how companies that don’t regulate employee usage of business devices with effective IT policies are putting data security at risk.
Read article
•Date: 15th October 2014 • UK •Type: Article

Reducing the risk that your people pose to your organization
People and process are frequently disregarded when it comes to improving security posture, partly because the security risk they pose to an organization is difficult to measure and track.
Read article
•Date: 2nd October 2014 • World •Type: Article

Cybersecurity incidents more frequent and costly: but budgets decline
According to the Global State of Information Security Survey 2015.
Read article
•Date: 1st October 2014 • World •Type: Article

All you need to know about the Bash vulnerability
Craig Young overviews the Bash / Shellshock vulnerability which was recently identified and looks at whether it really is worse than Heartbleed, as has been widely claimed.
Read article
•Date: 30th September 2014 • World •Type: Article

Bash vulnerability views
‘Bash’ or ‘Shellshock’, a major new security vulnerability that could have greater impacts than Heartbleed, has been uncovered. In this article Continuity Central summarises the views of a number of information security professionals concerning this vulnerability.
Read article
•Date: 26th September 2014 • World •Type: Article

Trends that will reshape organizational security
A new SANS Institute paper looks at four key technology trends that will have the most impact on cybersecurity programs.
Read article
•Date: 25th September 2014 • World •Type: Article

Awareness of information security threats growing; but organizations struggle to manage the risks
According to Protiviti's 2014 IT Security and Privacy Survey.
Read article
•Date: 16th September 2014 • World •Type: Article

Increasing complexity of cyber attacks leaves many organizations exposed
Lieberman Software survey reveals that advanced cyber attacks are so sophisticated that conventional security tools are unable to cope.
Read article
•Date: 11th September 2014 • World •Type: Article

SANS updates information security policy templates library
The SANS Institute has released 27 completely refreshed information security policy templates that corporations and government agencies can use to ensure their security policies are practical, up-to-date and reflect real-world experience.
Read article
•Date: 10th September 2014 • US/World •Type: Article

To deter cyber attacks, build a public-private partnership
Meaningfully improving cyber security and ensuring the resilience of systems will require cooperation between members of the private sector and the government, according to a University of Illinois College of Law paper.
Read article
•Date: 26th August 2014 • US/World •Type: Article

Managing mobile device risks
Ian Kilpatrick looks at the risks involved with mobile devices and how to secure them.
Read article
•Date: 20th August 2014 • UK/World •Type: Article

Risky Business: The State of Mobile Security in the UK
New research shows that attitudes to mobile security are putting UK business data at risk.
Read article
•Date: 14th August 2014 • UK •Type: Article

How quickly can organizations detect a data breach on critical systems?
Not as quickly as they think they can, says Tripwire.
Read article
•Date: 12th August 2014 • US/World •Type: Article

Active risk management: defending against the cyber storm
How to put your organization into a more confident, competitive position when it comes to information security threats.
Read article
•Date: 8th August 2014 • UK/World •Type: Article

70 percent of Internet of Things devices vulnerable to attack: HP study
IoT devices averaged 25 vulnerabilities per product, indicating expanding attack surface.
Read article
•Date: 5th August 2014 • World •Type: Article

International tensions heighten cyber security risks: KPMG
Organizations might find themselves on the frontline of a cyberwar.
Read article
•Date: 29th July 2014 • UK/World •Type: Article

Fear of downtime resulting in poor password management
Security professionals don’t change passwords frequently enough out of fear that changing passwords could cause outages and downtime.
Read article
•Date: 24th July 2014 • World •Type: Article

Factor security into application release automation or face severe disruption cautions Tufin CTO
Reuven Harrison, CTO, Tufin, predicts major enterprise network disruption ahead, as businesses become increasingly run on software.
Read article
•Date: 24th July 2014 • World •Type: Article

Russia sanctions could spark a cyber-war
Western nations are at risk of cyber-warfare if Russia is pushed too far by sanctions, warns Professor Mike Jackson, a computer security expert at Birmingham City University.
Read article
•Date: 23rd July 2014 • Various •Type: Article

Employees are the most frequent point of failure when it comes to information security
‘Malicious’ and ‘ignorant’ employees are putting organizations at risk.
Read article
•Date: 22nd July 2014 • US/UK •Type: Article

Information risk management lessons
Most companies are doing something to mitigate information risk, but few are doing enough says Christian Toon.
Read article
•Date: 16th July 2014 • World •Type: Article

The 2014 Cyber Defence Maturity Report
Cyber security confidence undermined by contradicting investments as 39 percent of IT organizations experienced more than two significant security incidents in the past year.
Read article
•Date: 16th July 2014 • US/Europe •Type: Article

Protecting business-critical information in virtual environments
Advice from David Phillips.
Read article
•Date: 10th July 2014 • World •Type: Article

Point of sale systems are a weak link in the information security chain
A new survey by Vanson Bourne has found that POS systems are a problem area when it comes to cyber attacks.
Read article
•Date: 9th July 2014 • World •Type: Article

Reaction against scaremongering may be resulting in boards not taking cyber risks seriously enough
According to the annual KPMG Business Instincts Survey.
Read article
•Date: 4th July 2014 • UK •Type: Article

DDoS attacks are becoming more effective at causing downtime
One-in-five organizations have had their systems taken down for an entire working day by a DDoS attack: BT survey.
Read article
•Date: 2nd July 2014 • World •Type: Article

Lessons learned from Heartbleed
As the dust settles after the initial Heartbleed crisis response, what lessons are starting to emerge? By Russ Spitler.
Read article
•Date: 19th June 2014 • World •Type: Article

Exploring cyber blackmail attack issues
Should companies pay cyber hijacking ransoms? 
Read article
•Date: 19th June 2014 • World •Type: Article

Employee attitudes to wi-fi security put businesses at risk
UK employees are potentially putting their companies at risk of cyber-attack when using mobile devices for work purposes while on holiday or on a short break, new research has found.
Read article
•Date: 18th June 2014 • UK •Type: Article

Cyber risk oversight guidance for corporate directors
A new resource from AIG, NACD, and ISA.
Read article
•Date: 18th June 2014 • US/World •Type: Article

Boards failing to take ownership of cyber risks
Despite growing levels of awareness and understanding of cyber risk among large and medium-sized corporations across the UK and Ireland, board-level ownership of the issue remains comparatively low with many firms relying on their IT departments for the strategic direction of their cyber risk strategies.
Read article
•Date: 17th June 2014 • UK •Type: Article

The 2014 Information Maturity Risk Index
Iron Mountain reports on information risk management practices.
Read article
•Date: 12th June 2014 • N.America / UK / Europe

Bank of England launches CBEST framework to test and improve financial sector cyber resilience
CBEST differs from other security testing because it uses real threat intelligence and focuses on the more sophisticated and persistent attacks on critical systems and essential services.
Read article
•Date: 11th June 2014 • UK •Type: Article

How to avoid big data security chaos
Gartner says big data needs a data-centric security focus.
Read article
•Date: 6th June 2014 • World •Type: Article

Fear of reputational damage driving data protection compliance
According to an Ipswitch survey.
Read article
•Date: 4th June 2014 • UK/Europe •Type: Article

An introduction to the Mission Risk Diagnostic for Incident Management Capabilities
The Software Engineering Institute's (SEI) CERT Division has published a technical note which describes the Mission Risk Diagnostic for Incident Management Capabilities (MRD-IMC), a risk-based way to assess an organization's information security incident management function.
Read article
•Date: 3rd June 2014 • US/World •Type: Article

2014 US State of Cybercrime Survey
Costs associated with cybercrime surge while organizations are still unprepared to battle threats; report finds eight key cybersecurity deficiencies and highlights what organizations can do to combat them.
Read article
•Date: 2nd June 2014 • US •Type: Article

A Taxonomy of Operational Cyber Security Risks
An updated version of the Software Engineering Institute’s 2010 report presents a taxonomy of operational cyber security risks and harmonizes it with other risk and security activities.
Read article
•Date: 27th May 2014 • US/World •Type: Article

Traditional approaches to cybersecurity ‘no longer work’
Board directors suffering from fear, uncertainty and doubt (FUD) fatigue…
Read article
•Date: 26th May 2014 • UK/World •Type: Article

US retailers launch ‘Retail Cyber Intelligence Sharing Center’
Through the R-CISC, retailers are sharing cyber threat information among themselves and, via analysts, with public and private stakeholders.
Read article
•Date: 16th May 2014 • US •Type: Article

Back to basics…
Security breaches are on the rise. Yet as security experts face ever more complex and challenging threats, is there a risk some of the basic components of IT security are being overlooked?
Read article
•Date: 15th May 2014 • World •Type: Article

Cyber security being superseded by ‘cyber resilience’
Traditional cyber security is now inadequate for today’s threat landscape and must be superseded by ‘cyber resilience’, demanding more vigorous action from company boardrooms.
Read article
•Date: 14th May 2014 • UK/World •Type: Article

‘Rogue employees’ are the biggest threat to information security
Confidence in information security risk management strategies is low, according to a BSI poll.
Read article
•Date: 14th May 2014 • UK / World •Type: Article

Check Point 2014 Security Report identifies ‘exponential increase in new and unknown malware on enterprise networks’
Report based on monitored security events from over 10,000 organizations worldwide.
Read article
•Date: 12th May 2014 • World •Type: Article

Linking ISM and BCM brings real business benefits: Ponemon survey
The involvement of business continuity management reduced the cost of a data breach by an average of almost $9 per record.
Read article
•Date: 6th May 2014 • World •Type: Article

The Information Security Breaches Survey 2014
Cost of UK business cyber security breaches almost double.
Read article
•Date: 6th May 2014 • UK •Type: Article

Integrating cyber security and business continuity
Actions an organization can take to better align business continuity and cyber security efforts and increase organizational resilience.
Read article
•Date: 30th April 2014 • US/World •Type: Article

Data breaches surge in 2014
200 million data records stolen in first three months of the year.
Read article
•Date: 30th April 2014 • World •Type: Article

New Internet Explorer vulnerability requires immediate action
Exploits of serious vulnerability likely to increase; IE users need to make settings changes or use an alternative browser.
Read article
•Date: 30th April 2014 • World •Type: Article

Reducing threats from within the organization
Despite the headlines that high profile external attacks engender, insider threats are more likely to have financial and business continuity impacts on organizations. Dr. Jim Kennedy explores this important but hard to manage threat.
Read article
•Date: 23rd April 2014 • US/World •Type: Article

Companies warned not to let Heartbleed affect HR and payroll
Some SaaS HR systems vulnerable.
Read article
•Date: 22nd April 2014 • UK/World •Type: Article

New Ponemon study ‘finds massive overconfidence in enterprise security strength’
More than half of organizations filter out negative facts before communicating security risk to C-level executives.
Read article
•Date: 19th April 2014 • World •Type: Article

What do business continuity managers need to know about Heartbleed?
Andrew Waite gives an overview of the Heartbleed vulnerability.
Read article
•Date: 10th April 2014 • UK/World •Type: Article

UN agency launches study to assess status of cybersecurity worldwide
The Global Cybersecurity Index (GCI) aims to drive efforts to integrate cybersecurity on a global scale.
Read article
•Date: 8th April 2014 • World •Type: Article

DDoS: a seven-point action plan
No business continuity plan is complete without taking into account the risk represented by DDoS attacks. Rakesh Shah explains the measures that can be taken to mitigate the threat.
Read article
•Date: 4th April 2014 • US/World •Type: Article

Data security: risk and prevention for financial firms
Sentronex has put together an infographic highlighting the issues, concerns and preventative measures available to ensure big data remains an asset to a financial business.
Read article
•Date: 2nd April 2014 • UK/World •Type: Article

2014 Global Threat Intelligence Report
New report focuses on five critical areas of security: threat avoidance, threat response, threat detection, investigative and response capabilities.
Read article
•Date: 1st April 2014 • World •Type: Article

Has cyber security awareness improved among the largest UK businesses?
It isn't all doom and gloom when it comes to cyber security, says Tom Neaves.
Read article
•Date: 27th March 2014 • UK •Type: Article

The top six ways to encrypt sensitive data on AWS
SafeNet identifies best practices for protecting sensitive data in the cloud.
Read article
•Date: 27th March 2014 • World •Type: Article

83 percent of businesses are not fully prepared for an online security incident: Economist Intelligence Unit
Despite 77 percent of companies suffering an incident in the past two years, over a third of firms (38 percent) still have no incident response plan in place should an incident occur.
Read article
•Date: 19th March 2014 • World •Type: Article

Next generation industrial control systems create ‘open invitation’ for hackers
According to a Marsh Risk Management Research paper.
Read article
•Date: 19th March 2014 • World •Type: Article

Less risk, more reward
Managing vulnerabilities in a business context.
Read article
•Date: 17th March 2014 • World •Type: Article

FBI Director highlights cyber threat growth
FBI Director James Comey spoke to a group of cyber security industry professionals at the RSA Conference in San Francisco last week, highlighting the ‘dire’ nature of cyber threats.
Read article
•Date: 5th March 2014 • US •Type: Article

Proper information security only comes by being truthful
Too many organizations are unwilling to face the facts when it comes to their information security risks and protective status. To move forward an honest assessment is required…
Read article
•Date: 4th March 2014 • US/World •Type: Article

SANS Institute survey highlights the scale of the information security challenge
Almost half of organizations are operating under the assumption that their network has already been compromised...
Read article
•Date: 26th February 2014 • US •Type: Article

The weak link in the chain…
Small office/home office (SOHO) wireless routers introduce significant cyber security risks: Tripwire study.
Read article
•Date: 24th February 2014 • UK/US •Type: Article

UK companies lag behind the US in cyber security readiness
Many board level executives around the world still failing to address cyber security: BT survey.
Read article
•Date: 17th February 2014 • UK/US •Type: Article

Change detection technology has changed: for the better
Mark Kedgley examines the importance of real-time file integrity monitoring in a constantly and quickly evolving threat landscape.
Read article
•Date: 11th February 2014 • UK/World •Type: Article

The top enterprise security threats
HP has published its Cyber Risk Report 2013, identifying top enterprise security vulnerabilities and providing analysis of the expanding threat landscape.
Read article
•Date: 5th February 2014 • World •Type: Article

Bank of England publishes Waking Shark II report
The Bank of England has published the findings of the Waking Shark II exercise, which tested the wholesale banking sector’s response to a sustained and intensive cyber-attack.
Read article
•Date: 5th February 2014 • UK •Type: Article

UK organizations leaving the door open for information security attacks due to failures in staff training
A fifth of UK organizations do not provide any IT security training for staff.
Read article
•Date: 3rd February 2014 • UK •Type: Article

Network security’s ticking time-bomb
Balancing effective IT security against a business’s need for agility is an age-old issue. But today, getting that balance right is trickier than ever.
Read article
•Date: 21st January 2014 • World •Type: Article

Mobile applications increasingly being used for DDoS attacks
The prevalence of mobile devices and the widespread availability of downloadable apps that can be used for DDoS is a game changer…
Read article
•Date: 15th January 2014 • World •Type: Article

Key information protection and governance trends
Espion predicts some key information protection, governance and ediscovery trends which will affect organizations over the coming 12 months.
Read article
•Date: 20th December 2013 • World •Type: Article

Four enterprise IT predictions for 2014
What challenges threaten to impact on the integrity of enterprise IT systems during the year ahead? David Gibson, VP at Varonis Systems, gives his predictions.
Read article
•Date: 18th December 2013 • World •Type: Article

The Kroll 2014 cyber security forecast
Kroll has released its annual Cyber Security Forecast, predicting the most significant cyber issues that organizations will face in 2014.
Read article
•Date: 17th December 2013 • US •Type: Article

Businesses remain ill prepared to protect themselves against DDoS threats
Inadequate protection, untested response plans and confused roles and responsibilities leave many businesses exposed.
Read article
•Date: 17th December 2013 • World •Type: Article

Social engineering: understanding the threat
The UK government’s Centre for the Protection of National Infrastructure has published a new guidance document on social engineering threats.
Read article
•Date: 12th December 2013 • UK •Type: Article

Top cyber-threats listed in ENISA Threat Landscape Report
The ENISA Threat Landscape presents the top current cyber threats of 2013 and identifies emerging trends.
Read article
•Date: 12th December 2013 • World •Type: Article

Softening the business impact of security management
How better visibility and automated management of business application connectivity enable a more agile business and enhance security.
Read article
•Date: 6th December 2013 • World •Type: Article

Ten questions that board members should ask about information security
Recent research should serve as a wakeup call to those charged with governance and compliance to apply the same rules to information risk that are in place for other forms of corporate risk.
Read article
•Date: 3rd December 2013 • UK/World •Type: Article

Cyber attacks: the worst is yet to come
Cyber-crime and malware attacks will increase during 2014 as criminals capitalise on recent successes.
Read article
•Date: 3rd December 2013 • World •Type: Article

Resilience Metrics for Cyber Systems
Managing resilience for cyber systems requires metrics that reflect the relationships among system components in physical, information, cognitive and social domains.
Read article
•Date: 27th November 2013 • World •Type: Article

Information security in 2014
2014 will be the year that incident response finally matures to a business process says Tim Keanini.
Read article
•Date: 26th November 2013 • US/World •Type: Article

PCI DSS Version 3.0: new standard but same problems?
New Net Technologies has provided a white paper that examines the implications of the new PCI DSS Version 3.0 for businesses.
Read article
•Date: 22nd November 2013 • World •Type: Article

How to implement a cyber incident response plan
It is a sign of the changing security landscape that it is almost certain that sooner or later your organization will experience a security incident. It is therefore essential to have a cyber incident response plan in place.
Read article
•Date: 15th November 2013 • World •Type: Article

Prolexic advises against a multi-layered strategy to block DDoS attacks
Multi-layered approaches increase the risk of website downtime rather than reduce it.
Read article
•Date: 15th November 2013 • World •Type: Article

Information security management in the industrial sector
The industrial sector is less effective than other sectors in deploying risk management controls and communicating effectively about security.
Read article
•Date: 14th November 2013 • World •Type: Article

FUD causing poor information security decision making
Fear of attack is causing security professionals to shift focus away from disciplines such as enterprise risk management and risk-based information security to technical security: Gartner.
Read article
•Date: 8th November 2013 • World •Type: Article

Version 3.0 of the PCI Data Security Standard and Payment Application Data Security Standard published
New version introduces a penetration testing requirement and aims to make security a ‘business as usual’ activity.
Read article
•Date: 8th November 2013 • World •Type: Article

Emerging Cyber Threats Report 2014
Georgia Tech has issued its annual report which looks at emerging cyber threats.
Read article
•Date: 7th November 2013 • US •Type: Article

Are enterprises losing the cyber-war?
Survey finds a lack of confidence in the ability of organizations to detect and stop advanced attacks on enterprise servers.
Read article
•Date: 6th November 2013 • World •Type: Article

‘Security Policy Orchestration: Supporting Tomorrow’s Networks’
A new report looks at the security challenges that increasing network complexity is causing.
Read article
•Date: 5th November 2013 • World •Type: Article

The last rites of traditional IT security
In a changing threat landscape anti-virus software is fast beginning to look past its sell-by date says Mark Kedgley.
Read article
•Date: 29th October 2013 • World •Type: Article

Coordinating security response and crisis management planning
Too often information security incident response plans, disaster recovery and business continuity plans are not aligned with the overall corporate crisis management process. Martin Welsh and Keith Taylor discuss the benefits of achieving this.
Read article
•Date: 25th October 2013 • World •Type: Article

Security officers gaining a strategic voice: IBM Study
A new IBM study of security leaders reveals that they are increasingly being called upon to address board-level security concerns and as a result are becoming a more strategic voice within their organizations.
Read article
•Date: 25th October 2013 • US/World •Type: Article

Plan to fail for better security and continuity
Tom Davison looks at how failures can be used to boost security and help business continuity: if approached in the right way.
Read article
•Date: 15th October 2013 • World •Type: Article

New ENISA white paper: Can we learn from industrial control systems/SCADA security incidents?
ENISA, the EU’s cyber security agency, has released a white paper giving recommendations regarding prevention and preparedness for an agile and integrated response to cyber security attacks and incidents against industrial control systems / SCADA.
Read article
•Date: 11th October 2013 • Europe / UK •Type: Article

Time to resolve cyber-attacks more than doubles: Ponemon Institute survey
HP has published the results from a study conducted by the Ponemon Institute, indicating that the cost, frequency and time to resolve cyber-attacks continue to rise for the fourth consecutive year.
Read article
•Date: 9th October 2013 • US •Type: Article

Operation Waking Shark 2 to test UK financial sector’s cyber-security defences and response mechanisms
Test scheduled for mid-November.
Read article
•Date: 8th October 2013 • UK •Type: Article

The majority of IT security professionals expect a state-sponsored cyber attack in the next six months
According to a Lieberman Software survey.
Read article
•Date: 4th October 2013 • US / World •Type: Article

Emerging wireless risks to consider
Ian Kilpatrick considers the risks to businesses from the proliferation of wireless access points and discusses the benefits of deploying secure access points, which are directly linked to gateway security.
Read article
•Date: 3rd October 2013 • UK/World •Type: Article

Majority of technology companies view cyber security as a serious threat to business continuity
Silicon Valley Bank survey looks at information security views of technology companies.
Read article
•Date: 1st October 2013 • US/World •Type: Article

Revised BS ISO/IEC 27001 and BS ISO/IEC 27002 standards now available
The 2013 revision of the international information security standards will enable businesses of all sizes and sectors to accommodate the rapid evolution and increased complexity of managing information and the continual challenge that cyber security poses.
Read article
•Date: 1st October 2013 • UK/World •Type: Article

UK Centre for the Protection of National Infrastructure issues spear phishing guidance
Advice on spear phishing attacks and what an organization can do to protect itself from the threat.
Read article
•Date: 25th September 2013 • UK •Type: Article

ENISA highlights the threat of multi-pronged large impact cyber-attack events
ENISA has presented a short report into the top cyber threats, as a ‘first taste’ of its interim Threat Landscape 2013 report.
Read article
•Date: 25th September 2013 • Europe/UK •Type: Article

Security concerns emerge with the new gTLDs
One of the major concerns is ‘name collision’ reports Jonathan French.
Read article
•Date: 11th September 2013 • World •Type: Article

October will be the first ‘European Cyber Security Month’
ECSM activities will take place in Austria, Belgium, Bulgaria, the Czech Republic, Germany, Estonia, Greece, Spain, Finland, France, Ireland, Iceland, Italy, Latvia, Lithuania, Luxembourg, Moldova, the Netherlands, Norway, Poland, Portugal, Romania, Slovenia, Sweden and the United Kingdom.
Read article
•Date: 11th September 2013 • Europe/UK •Type: Article

The growing threat from state-sponsored cyberattacks
We’re losing the battle against state-sponsored cyberattacks and things are not going to improve any time soon, according to a new survey from Lieberman Software Corporation.
Read article
•Date: 4th September 2013 • US/World •Type: Article

Ten things IT should be doing to protect your data: but probably isn’t
Businesses today are struggling with proper data protection: Rob Sobers provides some help.
Read article
•Date: 29th August 2013 • World •Type: Article

New York Times hack highlights a resiliency weak point shared by many organizations
The New York Times hack appears to have been a DNS service breach.
Read article
•Date: 29th August 2013 • US/World •Type: Article

Insider Threat Attributes and Mitigation Strategies
CERT report looks at the common attributes that insider threat cases demonstrate.
Read article
•Date: 28th August 2013 • US/World •Type: Article

Four steps for denying DDoS attacks
How should banks and financial institutions deal with increasing numbers of large-scale denial of service attacks?
Read article
•Date: 23rd August 2013 • World •Type: Article

2013 version of ISO/IEC 27001 on target for October release
ISO/IEC 27001, the information security management system standard, is in the final stages of its latest revision.
Read article
•Date: 22nd August 2013 • World •Type: Article

Implementing a good information security program
The frequency and potential impacts of information security breaches are increasing. Dr. Jim Kennedy explains why and looks at what organizations can do about it.
Read article
•Date: 13th August 2013 • US/World •Type: Article

When it comes to network security do enterprises have their head in the sand?
Lancope has released a survey indicating that many enterprises possess an unrealistic confidence surrounding the security of their networks.
Read article
•Date: 6th August 2013 • World •Type: Article

Report looks at live threat intelligence trends
A new report by the Ponemon Institute looks at ‘live threat intelligence’ and its role in information security.
Read article
•Date: 30th July 2013 • World •Type: Article

Research highlights the risks that organizations are taking with Java
Less than one percent of enterprises are running the latest version.
Read article
•Date: 23rd July 2013 • World •Type: Article

Boardroom Cyber Watch 2013: survey results
More than half of boards only receive annual reports on the cyber-risks facing their organization.
Read article
•Date: 16th July 2013 • World •Type: Article

How to avoid the complexity risks associated with next-generation firewalls
Next-generation firewalls can be a real headache for the IT department; Sam Erdheim shows how to maximise security while avoiding the complexity that such firewalls can bring.
Read article
•Date: 11th July 2013 • UK/World •Type: Article

Cyber threats: a new mindset is required
Organizations need to move from guarding to gathering says KPMG.
Read article
•Date: 11th July 2013 • World •Type: Article

How DDoS attackers can turn mitigation devices against you
Backscatter from mitigation devices can cause collateral damage in SYN reflection attacks.
Read article
•Date: 9th July 2013 • World •Type: Article

The beginning of the end for firewalls?
There’s a new focus in town: data access control will increasingly trump network access control.
Read article
•Date: 5th July 2013 • US/World •Type: Article

Survey looks at risk based security management
48 percent say their organization’s approach to risk based security management is non-existent or ad-hoc.
Read article
•Date: 4th July 2013 • UK/US •Type: Article

NIST consults on ways to speed-up computer security incident team responses
RFI calls for input for a new publication, Computer Security Incident Coordination, which will supply guidance, methodologies, procedures and processes to cut response time and limit information loss when multiple organizations are involved.
Read article
•Date: 2nd July 2013 • US •Type: Article

Maintaining availability: the importance of DDoS defences in business continuity planning
Actionable information security practices are critical to business continuity planning, yet many business continuity plans do not include this element. This is a major oversight, says Rakesh Shah.
Read article
•Date: 21st June 2013 • UK/World •Type: Article

New PAS 555 specification will help organizations manage cyber security
BSI has created a new specification: ‘PAS 555 Cyber security risk – Governance and management – Specification’ to help organizations manage their exposure to cyber security risks.
Read article
•Date: 21st June 2013 • UK/World •Type: Article

The 2013 Information Risk Maturity Index
The results of a study conducted jointly by Iron Mountain and PwC.
Read article
•Date: 21st June 2013 • Europe •Type: Article

Immature approach to cyber threats placing organizations at risk: Marsh
Many leading European organizations are still taking an immature approach to cyber risk and have yet to fully embed cyber threats into their risk management strategies as a result.
Read article
•Date: 11th June 2013 • World •Type: Article

How to get your company board to consider cyber threats as part of corporate risk and business decisions
A new advice document has been published by the UK government’s Centre for the Protection of National Infrastructure.
Read article
•Date: 7th June 2013 • UK/World •Type: Article

The Impact of Mobile Devices on Information Security: survey report
63 percent of businesses do not attempt to manage corporate information on employee-owned devices; 79 percent of businesses experienced a mobile security incident in the past year.
Read article
•Date: 6th June 2013 • World •Type: Article

Android antiviral products easily evaded: Northwestern University study
Sensitive data cannot be reliably protected on Android devices.
Read article
•Date: 31st May 2013 • US/World •Type: Article

Emulating the enemy
Threat emulation is a critical technique in achieving more effective network security. Terry Greer-King explains why.
Read article
•Date: 22nd May 2013 • World •Type: Article

Majority of organizations underestimate scope of privileged account security risk: survey
Despite the repeated abuse of privileged accounts in cyber-attacks, organizations continue to have a difficult time identifying and managing these critical vulnerabilities.
Read article
•Date: 10th May 2013 • World •Type: Article

CPNI publishes research into insider threats
UK Centre for the Protection of National Infrastructure recently conducted a study into insider threats and has now released a summary report.
Read article
•Date: 3rd May 2013 • UK •Type: Article

NIST issues major revision of core computer security guide
SP 800-53 update takes a more holistic approach to information security and risk management and calls for maintaining ‘cybersecurity hygiene’.
Read article
•Date: 2nd May 2013 • US •Type: Article

Printers, routers and other Internet-enabled devices being hijacked to participate in cyber attacks
New Prolexic white paper explains how to secure your devices and infrastructure from SNMP, NTP and CHARGEN attacks.
Read article
•Date: 1st May 2013 • World •Type: Article

Results of the 2013 Information Security Breaches Survey published
81 percent of respondents reported that senior management had not been able to put in place effective security, even though it was classed a high priority.
Read article
•Date: 23rd April 2013 • UK/World •Type: Article

The State of Network Security 2013
Poor change management processes lead to network and application outages.
Read article
•Date: 17th April 2013 • World •Type: Article

ENISA analyses the Spamhaus attack
Main conclusion is that Internet service providers are failing to apply BCP38 and BCP140 best practice recommendations.
Read article
•Date: 12th April 2013 • Europe/UK •Type: Article

An increase in mobile targeted threats is putting organizations at risk of cyber-espionage
Mobile enterprise management tools are failing to prevent spyware infecting smartphones.
Read article
•Date: 12th April 2013 • World •Type: Article

How the biggest DDoS attack in history highlights interdependencies
Spamhaus attack shows how interdependent our networks have become.
Read article
•Date: 3rd April 2013 • World •Type: Article

UK government launches public-private sector information sharing partnership on cyber security
The Cyber Security Information Sharing Partnership.
Read article
•Date: 27th March 2013 • UK •Type: Article

APT attacks clarified
Confusion exists as to what exactly an advanced persistent threat is and, even more importantly, how to manage the risks associated with APTs. Christos K. Dimitriadis provides some help.
Read article
•Date: 22nd March 2013 • World •Type: Article

Cyber attacks – a new edge for old weapons
EU cyber agency warns that urgent action is required to combat emerging cyber-attack trends.
Read article
•Date: 14th March 2013 • Europe/UK •Type: Article

US GAO reports on cybersecurity
‘A better defined and implemented national strategy is needed to address persistent challenges.’
Read article
•Date: 13th March 2013 • US •Type: Article

Consensus at RSA Conference 2013: PKI is under attack
At the recent RSA Conference 2013 in San Francisco, a clear consensus emerged: attacks on the trust established by cryptographic keys and certificates are on the rise and are an important element in today’s threat landscape.
Read article
•Date: 7th March 2013 • World •Type: Article

UK Cabinet Office requests feedback on cyber security organizational standards
Consultation runs until 14th October 2013 and at the end of the process the government intends to select and endorse an organizational standard that best meets the requirements for effective cyber risk management.
Read article
•Date: 5th March 2013 • UK •Type: Article

Five easy steps for implementing a data classification policy
Without classification as the foundation of the information protection strategy, it’s impossible for organizations to know what to protect, says Stephane Charbonneau.
Read article
•Date: 21st Feb 2013 • UK/World •Type: Article

Oil and gas process control systems increasingly at risk from cyber attacks
Oil and gas firms globally are increasingly exposed to cyber threats as a result of converging technological, terrorism and political risks, says Marsh.
Read article
•Date: 21st Feb 2013 • World •Type: Article

Cyber attacks on Australian business more targeted and coordinated
The 2012 Cyber Crime and Security Survey Report published this week.
Read article
•Date: 19th Feb 2013 • Australia •Type: Article

Cyber threats require a risk management approach
Information security programs that rely on defensive measures are no longer adequate.
Read article
•Date: 15th Feb 2013 • World •Type: Article

One in five enterprises have experienced an APT attack: ISACA survey
94 percent say APTs represent a credible threat to national security and economic stability, yet most enterprises are employing ineffective technologies to protect themselves.
Read article
•Date: 14th Feb 2013 • World •Type: Article

A tiered approach to BYOD control
The practice of employing a layered security model can and should be applied to BYOD says Scott Gordon.
Read article
•Date: 12th Feb 2013 • UK/World •Type: Article

European Commission publishes cybersecurity strategy
‘An Open, Safe and Secure Cyberspace’ represents the EU's vision on how best to prevent and respond to cyber disruptions and attacks.
Read article
•Date: 11th Feb 2013 • Europe/UK •Type: Article

Many companies do not give sufficient attention to cyber risks
According to the Meeting the Cyber Risk Challenge report.
Read article
•Date: 31st Jan 2013 • UK/Europe •Type: Article

Virtual servers are a weak link in data security management
Research conducted by Varonis has found that data security in virtualized environments is often neglected by IT organizations.
Read article
•Date: 30th Jan 2013 • World •Type: Article

UK signs up to World Economic Forum Cyber Resilience Partnership
The Rt Hon William Hague MP and The Rt Hon Francis Maude MP, The Foreign Secretary, have signed the World Economic Forum's new set of principles on Cyber Resilience on behalf of the UK Government.
Read article
•Date: 29th Jan 2013 • UK •Type: Article

Cyber security needs to be a board level issue
Tom Neaves and John Yeo describe a recent research project that looked at whether company boards have explicitly itemised cyber security as a material risk to the business.
Read article
•Date: 23rd Jan 2013 • UK •Type: Article

Radware releases global security report
Reveals new cyber attack methods uncovering blind-spots unrecognized by security professionals and organizations.
Read article
•Date: 23rd Jan 2013 • World •Type: Article

Large-scale DDoS attacks grow bigger and more diversified
According to Prolexic’s latest report.
Read article
•Date: 18th Jan 2013 • World •Type: Article

ENISA reports on Cyber Threat Landscape
New report from the EU’s cyber security agency.
Read article
•Date: 9th Jan 2013 • Europe/UK •Type: Article

While you are away for Christmas, who has access to your network and data?
GFI Software warns that the Christmas and New Year shutdown is ripe for exploitation by cyber criminals.
Read article
•Date: 19th Dec 2012 • World •Type: Article

The low hanging fruit of IT security
How smaller organizations can remain secure on limited budgets. By Chris Stoneff.
Read article
•Date: 7th Dec 2012 • World •Type: Article

Antivirus solutions ‘woefully inadequate’ says Imperva report
Antivirus solutions in study unable to detect newly created viruses; security investment misaligned.
Read article
•Date: 7th Dec 2012 • World •Type: Article

Three security hurdles to overcome when shifting from enterprise-owned devices to BYOD
Advice from Gartner.
Read article
•Date: 6th Dec 2012 • World •Type: Article

Taking the UK Cyber Security Strategy forward
The British government has published a new planning document that sets out actions that will be taken in future to bolster the UK Cyber Security Strategy.
Read article
•Date: 4th Dec 2012 • UK •Type: Article

The top ten financial services cyber risk trends for 2013
Booz Allen Hamilton’s thoughts for the year ahead.
Read article
•Date: 30th Nov 2012 • US/World •Type: Article

Combatting cyber-attacks with honeypots
New guidance document from ENISA.
Read article
•Date: 23rd Nov 2012 • Europe/UK •Type: Article

Cyber threats forecast for 2013
Georgia Tech releases threat predictions.
Read article
•Date: 15th Nov 2012 • US/World •Type: Article

NIST releases draft guidelines to secure mobile devices
The US National Institute of Standards and Technology (NIST) has published draft guidelines that outline the baseline security technologies mobile devices should include to protect the information they handle.
Read article
•Date: 1st Nov 2012 • US/World •Type: Article

Could your employees detect and deflect a spear phishing attack?
Why are spear phishing attacks increasing and what can organizations do to prevent falling victim?
Read article
•Date: 31st Oct 2012 • World •Type: Article

Information security: fundamental change required
Short term information security solutions no longer an option if companies want to keep pace with today’s threats, warns Ernst & Young.
Read article
•Date: 30th Oct 2012 • UK •Type: Article

When it comes to data protection: don’t forget about paper
New research from Iron Mountain finds that many European businesses are at risk of information loss due to overburdened and disorganised paper storage programmes.
Read article
•Date: 25th Oct 2012 • UK/Europe •Type: Article

‘An Inside Track on Insider Threat’
New report examines the psychological, legal and technological tactics employed by leading organizations to mitigate insider threats.
Read article
•Date: 25th Oct 2012 • World •Type: Article

The threat of targeted cyber attacks is growing for businesses
Defending the corporate infrastructure against targeted attacks has become a vital business continuity challenge.
Read article
•Date: 23rd Oct 2012 • World •Type: Article

Survey shows cybersecurity complacency
US small business owners not concerned about cybersecurity; majority have no policies or contingency plans.
Read article
•Date: 18th Oct 2012 • US •Type: Article

ISO standard for cybersecurity published
ISO has announced the launch of ISO/IEC 27032:2012, 'Information technology – Security techniques – Guidelines for cybersecurity'.
Read article
•Date: 16th Oct 2012 • World •Type: Article

The 2012 Cost of Cyber Crime Study
Cybercrime costs rise nearly 40 percent, attack frequency doubles over a three-year period.
Read article
•Date: 10th Oct 2012 • US •Type: Article

Running lights out management without putting your organization’s lights out permanently
LOM is a potent technology which has its uses; however it also poses some potential risks which every enterprise must be aware of.
Read article
•Date: 9th Oct 2012 • World •Type: Article

DDoS attacks reach new level of size and sophistication
Prolexic Technologies has warned of an escalating threat from unusually large and highly sophisticated DDoS attacks.
Read article
•Date: 3rd Oct 2012 • World •Type: Article

How to ensure that information security is fit for purpose
‘Transforming Traditional Security Strategies into an Early Warning System for Advanced Threats’: new RSA Security advice.
Read article
•Date: 21st Sept 2012 • US/World •Type: Article

Mobile Device Management: Key Components, V1.0
New research report from the Cloud Security Alliance Mobile Working Group identifies 17 key elements that are critical for organizations to consider for the full lifecycle security management of mobile devices.
Read article
•Date: 21st Sept 2012 • World •Type: Article

New NIST publication provides guidance for IT risk assessments
‘Guide for Conducting Risk Assessments’ SP 800-30, Revision 1.
Read article
•Date: 20th Sept 2012 • US/World •Type: Article

CERT-EU becomes a permanent aspect of EU cyber threat response
The European Union institutions have reinforced their fight against cyber threats by establishing the EU's Computer Emergency Response Team, or CERT-EU, on a permanent basis.
Read article
•Date: 13th Sept 2012 • Europe/UK •Type: Article

The 2012 Global Financial Services Industry Security Study: Breaking Barriers
Increased coordinated activity among security and business groups being seen.
Read article
•Date: 12th Sept 2012 • World •Type: Article

BYOD out of control in many organizations
Survey finds that just 20 percent of IT service desks can adequately manage all mobile devices used by employees for work.
Read article
•Date: 12th Sept 2012 • UK/World •Type: Article

UK government publishes cyber security guidance for businesses
New guidance provides advice from security and intelligence experts across government about how to defeat most cyber attacks.
Read article
•Date: 11th Sept 2012 • UK •Type: Article

Digital forensics and its role in protecting the enterprise
Paul Kenyon examines the difference between proactive and reactive digital forensics and explains their contribution in the fight against malware and malicious activity.
Read article
•Date: 31st August 2012 • World •Type: Article

Reported data breaches rise 1000 percent in five years
There were 821 reported data breaches in the UK in 2011-12, compared with 79 in 2007-08.
Read article
•Date: 31st August 2012 • UK •Type: Article

Hacktivism proves to be a very real threat to business continuity
Saudi Aramco attack highlights an evolutionary step in hacktivism.
Read article
•Date: 29th August 2012 • World •Type: Article

Bring Your Own Device: ‘the most radical shift in enterprise client computing since the introduction of the PC’
Every business needs a clearly articulated position on BYOD, even if it chooses not to allow for it: Gartner.
Read article
•Date: 29th August 2012 • World •Type: Article

ENISA conducts a gap analysis of European cyber security legislation
In a new paper the EU cyber security agency ENISA takes a snapshot of existing and future EU legislation on security measures and cyber incident reporting.
Read article
•Date: 29th August 2012 • Europe/UK •Type: Article

Mitigating the impacts of social engineering attacks
As social engineering scams spread, Avecto says a least privilege solution is the best option for most organizations.
Read article
•Date: 17th August 2012 • World •Type: Article

Final version of updated NIST Computer Security Incident Handling Guide now available
Guide is a ‘how-to’ for dealing with computer security incidents.
Read article
•Date: 9th August 2012 • US/World •Type: Article

US cybersecurity legislation blocked
Republicans in the Senate have voted against moving forward on the Cybersecurity Act of 2012, blocking the progress of the bill.
Read article
•Date: 3rd August 2012 • US •Type: Article

IBM takes on Advanced Persistent Threats
Introduces new class of network security appliance to help control social media and web browsing risks.
Read article
•Date: 2nd August 2012 • World •Type: Article

Big data analytics can help reduce cyber security risks
Organizations must stop reacting to security incidents and predict and prevent them instead: Information Security Forum.
Read article
•Date: 31st July 2012 • World •Type: Article

NIST seeks comments on updates to guidance on network attacks and malware
The US National Institute of Standards and Technology is requesting comments on two updated guides on malicious computer attacks: one on preventing, detecting, and responding to attacks and one on preventing and mitigating the effects of malware.
Read article
•Date: 26th July 2012 • US •Type: Article

European Commission consults on future EU Network and Information Systems legislation
Feedback received will help the Commission draw up an approach to possible risk management and security breach reporting requirements that would affect businesses in particular.
Read article
•Date: 24th July 2012 • Europe/UK •Type: Article

International cybersecurity research roadmap launched
A new Queen's University Belfast report provides strategic recommendations under four main research themes which its authors have deemed to be critical to the on-going creation of cyber security defences.
Read article
•Date: 12th July 2012 • World •Type: Article

ISACA issues COBIT 5 for Information Security
ISACA has released COBIT 5 for Information Security, which builds on the recently released COBIT 5 framework to provide practical guidance for those interested in security at all levels of an enterprise.
Read article
•Date: 29th June 2012 • World •Type: Article

ENISA calls for kick-start in cyber insurance market
Europe’s businesses could benefit from better protection for their computer systems and data if the cyber insurance market can be kick started, says a new report from the European Network and Information Security Agency (ENISA).
Read article
•Date: 29th June 2012 • Europe/UK •Type: Article

Do as I say, not as I do...
Could you bring your company to its knees?
Read article
•Date: 21st June 2012 • World •Type: Article

‘First generation’ BYOD workers pose serious security challenges to corporate IT systems
According to a Fortinet global survey.
Read article
•Date: 21st June 2012 • World •Type: Article

Half of UK companies failing to heed security breach warnings
Research from The Bunker reveals that many UK companies aren’t taking action on known security concerns.
Read article
•Date: 15th June 2012 • UK •Type: Article

BYOD is top concern for enterprise mobile security: Gartner survey
A mobility strategy team should be established as part of the IT department for data management and control.
Read article
•Date: 14th June 2012 • World •Type: Article

BYOD: it’s time to throw out the rule book
Banning employee devices is not the answer to the BYOD information security challenge, says Grant Taylor.
Read article
•Date: 13th June 2012 • World •Type: Article

Cyber risk remains misunderstood despite growing concern among risk managers: Marsh
Despite mounting concerns about cyber risk and the potential financial and reputational consequences of information security breaches, leading organizations across Europe are failing to integrate cyber threats fully into their risk management strategies.
Read article
•Date: 12th June 2012 • UK/Europe •Type: Article

Cyber resilience needs to be top priority for CEOs: World Economic Forum
Hyperconnectivity and the evolution in cyber attacks require CEOs to take ownership of cyber risk management, according to a new report launched by the World Economic Forum and developed in collaboration with Deloitte.
Read article
•Date: 1st June 2012 • World •Type: Article

Google sync feature creates new information security risk
‘Bring Your Own Browser’ threat identified.
Read article
•Date: 1st June 2012 • World •Type: Article

Information Security Forum warns of increase in sophisticated state-sponsored cyber attacks in the wake of Flame
Organizations must adapt their approach to cyber security.
Read article
•Date: 31st May 2012 • UK/World •Type: Article

ISACA issues guidance on virtualized desktop infrastructure (VDI)
VDI allows users to access applications and data securely from remote locations with minimal risk of data loss.
Read article
•Date: 25th May 2012 • World •Type: Article

Information management at the crossroads: is it time for ‘corporate information responsibility’?
Could CIR enhance information risk management?
Read article
•Date: 22nd May 2012 • UK/Europe •Type: Article

‘How Boards & Senior Executives Are Managing Cyber Risk’
An in-depth report from Carnegie Mellon University’s CyLab.
Read article
•Date: 18th May 2012 • US •Type: Article

The role of the chief information security executive is changing
IBM study finds that CISOs are gaining more strategic organizational responsibilities.
Read article
•Date: 8th May 2012 • World •Type: Article

Australian businesses given data breach crisis management advice
Over 180 business leaders representing some of Australia’s largest organizations met on April 30th to discuss how to prevent a data breach, and how to respond to one, if or when it occurs.
Read article
•Date: 1st May 2012 • Australia •Type: Article

Survey looks into bring your own device trends
Banning employees’ mobile devices creates more risks than allowing supported use does.
Read article
•Date: 27th April 2012 • US/World •Type: Article

US GAO reports on ‘Cybersecurity: Threats Impacting the Nation’
The number of cybersecurity incidents reported by federal agencies continues to rise, and recent incidents illustrate that these pose serious risk.
Read article
•Date: 26th April 2012 • US •Type: Article

The 2012 Information Security Breaches Survey
The average large organization faces a significant outsider attack every week; small businesses face one a month.
Read article
•Date: 25th April 2012 • UK •Type: Article

Data protection lessons not being learned
Research discovers 70 percent of organizations still failing to take data protection seriously.
Read article
•Date: 20th April 2012 • World •Type: Article

Inadequate security on mobile phones and tablets exposes UK businesses to massive risk: new research by PwC/InfoSecurity Europe
Organizations aren’t responding to new security challenges...
Read article
•Date: 18th April 2012 • UK •Type: Article

Threat Horizon 2014
Annual report provides organizations with insights into managing risks as ‘security threats collide’.
Read article
•Date: 3rd April 2012 • World •Type: Article

The top 10 list for winning the battle against insider threats
CERT has issued a useful checklist to help organizations combat insider threats. The advice has been drawn from the CERT Insider Threat Center's case files.
Read article
•Date: 29th March 2012 • US/World •Type: Article

So you think SharePoint is secure? Think again!
Jamie Bodley-Scott looks at the insecurities SharePoint introduces and suggests a three-dimensional model to stem the resultant flow of data.
Read article
•Date: 27th March 2012 • Region: World

The Information Risk Maturity Index
Iron Mountain and PwC launch Europe’s first ‘Information Risk Maturity Index.’
Read article
•Date: 23rd March 2012 • UK/Europe •Type: Article

Standards for cyber security testing to be introduced in Australia
Australian businesses will have clear and agreed standards for cyber security testing after an announcement that an Australian branch of the Council of Registered Ethical Security Testers (CREST) has been established.
Read article
•Date: 14th March 2012 • Australia •Type: Article

NIST publishes guidance on wireless local area network security
The US National Institute of Standards and Technology has released a guide to enhanced security for wireless local area networks.
Read article
•Date: 7th March 2012 • US •Type: Article

NIST revision of SP 800-53 addresses current cybersecurity threats
Request for comments is open until April 6th.
Read article
•Date: 1st March 2012 • US •Type: Article

What’s missing from DLP?
Data loss prevention solutions don’t provide an information security panacea but adding PICWIC enhances them, says David Gibson.
Read article
•Date: 24th February 2012 • Region: World •Type: Article

One in three companies experienced at least one DDoS attack in the last twelve months
Motivations for attacks differ dramatically between UK and US.
Read article
•Date: 23rd February 2012 • UK/US •Type: Article

The new EU data protection guidelines
Christian Toon overviews planned changes to European data protection laws and their implications for data handling and management.
Read article
•Date: 23rd February 2012 • Region: UK/Europe •Type: Article

NIST gives more details about National Cybersecurity Center of Excellence
Will enable public-private collaboration for accelerating the widespread adoption of integrated cybersecurity tools and technologies.
Read article
•Date: 22nd February 2012 • US •Type: Article

The CERT Guide to Insider Threats: new book
Describes the CERT Insider Threat Center's practical findings on insider cyber-crimes, as well as guidance and countermeasures for organizations.
Read article
•Date: 16th February 2012 • US/World •Type: Article

Report ‘debunks prevailing myths about distributed denial of service (DDoS) attacks’
Smaller, less intensive attacks can wreak more damage on enterprises than large bandwidth cyber-attacks, according to a new study from Radware.
Read article
•Date: 8th February 2012 • World •Type: Article

World Economic Forum launches ‘Risk and Responsibility in a Hyperconnected World: Principles and Guidelines’
Principles aim to provide organizations with a model for organizational cyber resilience
Read article
•Date: 1st February 2012 • World •Type: Article

IBM launches new software to help organizations control the influx of mobile devices to the workplace
Take control of ‘bring your own device’ threats.
Read article
•Date: 1st February 2012 • World •Type: Article

‘Cyber Security Strategies: Achieving Cyber Resilience’
New guidance document from the Information Security Forum.
Read article
•Date: 27th January 2012 • UK/World •Type: Article

PwC highlights cyber attack realities in Davos
On 25th January 2012 PwC hosted ‘a real time cyber crisis’ at the World Economic Forum.
Read article
•Date: 26th January 2012 • World •Type: Article

European Commission publishes new data protection proposals
Non-compliance penalties can be as high as 2 percent of the global annual turnover of a company.
Read article
•Date: 25th January 2012 • Europe / UK •Type: Article

SharePoint users develop insecure habits
Survey finds almost half of SharePoint users disregard the security within SharePoint, and copy sensitive or confidential documents to insecure hard drives or USB keys, or even email them to a third party.
Read article
•Date: 19th January 2012 • World •Type: Article

Twenty critical controls for effective cyber defence
New guidance document from the UK Centre for the Protection of National Infrastructure.
Read article
•Date: 13th January 2012 • UK •Type: Article

2012 IT security predictions: blanket encryption or apocalypse now
2011 was the year of the third-party trust compromise, and the year of the bring your own device mobile revolution. Both of these will have their parts to play in 2012.
Read article
•Date: 1st January 2012 • Region: World •Type: Article

Industrial control systems: recommendations for improving security
Latest ENISA report describes the current situation concerning industrial control systems security and proposes seven recommendations for improving it.
Read article
•Date: 21st December 2011 • Europe/UK •Type: Article

Information security trends for 2012
Cryptzone’s predictions for the top security trends for the coming year.
Read article
•Date: 16th December 2011 • Region: World

How to detect and stop corporate espionage
The key to successfully preventing espionage is to not just focus on information security. By Michael Podszywalow, MBA, CISSP, CISM, CISA, CEH.
Read article
•Date: 2nd December 2011 • Region: World

2012 security predictions
Andy Kemshall reflects on the last twelve months and gives his forecast of the top security trends for the year ahead.
Read article
•Date: 25th November 2011 • Region: UK •Type: Article

Managing the risks of information leakage
Information leakage can slip under the conventional information security safety net: Bernardo Patrão highlights the problem and discusses techniques that help reduce the risk of damaging information leakage impacts.
Read article
•Date: 23rd November 2011 • Region: World

The DigiNotar, Comodo and RSA breaches: what have we learned?
Enterprises need to move past the shock and begin formulating their own compromise recovery and business continuity plans.
Read article
•Date: 23rd November 2011 • Region: World

New NIST tool helps organizations meet HIPAA requirements
Free HIPAA Security Rule Toolkit is intended to be a resource that covered entities can use to support their risk assessment processes.
Read article
•Date: 23rd November 2011 • Region: US

Security trends for 2012
User-centric attacks, hyperconnected social engineering, shoulder surfing, USB jacking and Cloud confusion are among the threats to watch.
Read article
•Date: 17th November 2011 • Region: World •Type: Article

New ISO/IEC technical report provides information security control guidelines
A new ISO/IEC technical report (TR) providing technical controls and compliance guidelines for auditors can improve the effectiveness of an organization’s information security system, says ISO.
Read article
•Date: 9th November 2011 • Region: World •Type: Article

14th Annual Global Information Security Survey: Companies rush to adopt new technologies leaving security threats as an after-thought
72 percent of companies see increasing level of risk due to external threats, yet only 12 percent discuss security issues in their regular board meetings.
Read article
•Date: 2nd November 2011 • Region: World •Type: Article

NIST releases update to smart grid roadmap
Includes a Risk Management Framework to provide guidance on security practices.
Read article
•Date: 28th October 2011 • Region: US/World •Type: Article

Information Security Governance – raising the game
Outlines how adopting a governance-style approach can lift security out of its technical ‘comfort zone’ and into a wider business context.
Read article
•Date: 26th October 2011 • Region: World •Type: Article

Majority of US small businesses ‘suffer from false sense of cyber security’: survey
The majority of small business owners believe that Internet security is critical to their success and that their companies are safe from cyber security threats: but most fail to take fundamental precautions.
Read article
•Date: 25th October 2011 • Region: US

The Duqu virus explored
Highly targeted threat follows in Stuxnet’s footsteps.
Read article
•Date: 21st October 2011 • Region: World •Type: Article

ISO officially launches ISO/IEC 27035:2011
New standard entitled ‘Information technology – Security techniques – Information security incident management.’
Read article
•Date: 21st October 2011 • Region: World •Type: Article

Certificate management explored
Calum MacLeod highlights twelve classic mistakes which can result in certificate-related downtime and IT security breaches.
Read article
•Date: 20th October 2011 • Region: World •Type: Article

Zero-day threats may be exaggerated
Microsoft Security Intelligence Report says that less than one percent of exploits in the first half of 2011 were against zero-day vulnerabilities.
Read article
•Date: 13th October 2011 • Region: World •Type: Article

Cyber threats forecast for 2012
Georgia Tech report highlights the security issues which are expected to cause the most problems to organizations in 2012.
Read article
•Date: 12th October 2011 • Region: World •Type: Article

US public/private leaders collaborate on ways to fight botnets
A voluntary industry code of conduct to address the detection and mitigation of botnets is needed.

Read article

•Date: 5th October 2011 • Region: US •Type: Article

Smartphones and enterprise security
Smartphones raise key security issues, which many organizations have yet to address.
Read article
•Date: 30th Sept 2011 • Region: World •Type: Article

2011 is the ‘Year of the Security Breach’ according to IBM X-Force report
The percentage of critical vulnerabilities has tripled in 2011.

Read article

•Date: 30th September 2011 • Region: World •Type: Article

‘An Anatomy of a SQL Injection Attack’
How hackers are innovating SQLi attacks to bypass security controls as well as increase potency.

Read article

•Date: 23rd September 2011 • Region: World •Type: Article

Social engineering risks explored
Check Point survey reveals nearly half of enterprises are victims of social engineering.

Read article

•Date: 22nd September 2011 • Region: UK/World •Type: Article

Understanding the correlation between data leakage and the security mission
In many apparently very secure organizations, data leakage enabled by advanced evasion techniques is a potential disaster just waiting to happen. By Professor John Walker.
Read article
•Date: 21st Sept 2011 • Region: World •Type: Article

New from NIST: Guide for Conducting Risk Assessments
Comprehensive information risk assessment guidance published; open for public comments through to November 4.

Read article

•Date: 21st September 2011 • Region: US •Type: Article

The dawn of the cyber savvy CEO
It’s time for leaders to get to grips with cyber threats, says PwC.

Read article

•Date: 16th September 2011 • Region: UK/World •Type: Article

Companies ignore e-crime insurance despite growing risk
Just over a quarter of UK organizations have taken out insurance against interruption of business by hackers, according to a KPMG survey.

Read article

•Date: 7th September 2011 • Region: UK •Type: Article

Cybercrime rises up the boardroom agenda
High profile corporate cybercrime is putting information security on boardroom agendas around the world, a global survey has revealed.

Read article

•Date: 19th August 2011 • Region: World •Type: Article

Emerging mobile culture threatening UK businesses
Workplace systems over-run by unsecure devices; widespread failure to comply with security measures.

Read article

•Date: 5th August 2011 • Region: UK •Type: Article

HP publishes ‘Second Annual Cost of Cyber Crime Study’
56 percent rise in cost of cybercrime; average cost to a large organization is $5.9 million per year.

Read article

•Date: 5th August 2011 • Region: World •Type: Article

EU cyber-security agency flags urgent security fixes for new web standards/HTML5
ENISA has identified 50 security threats and proposed how they should be addressed.

Read article

•Date: 3rd August 2011 • Region: World •Type: Article

US-CERT issues ‘Security Recommendations to Prevent Cyber Intrusions’
Technical Cyber Security Alert issued in response to growing number of high-profile incidents.

Read article

•Date: 22nd July 2011 • Region: US/World •Type: Article

Hacktivism and the lessons learned from LulzSec
What can be done to prevent future cyber disasters? By Rob Rachwald and Noa Bar Yosef.
Read article

•Date: 13th July 2011 • Region: World •Type: Article

The mobile security conundrum
As the lines between portable computers and mobile devices become blurred, organizations need to act to address security vulnerabilities which could lead to data breaches and downtime. By Andy Cordial.

Read article

•Date: 29th June 2011 • Region: UK/World •Type: Article

Mobile security reaching a tipping point for organizations
Various significant security breaches that have occurred in 2011 have dramatically highlighted the link between information security and business continuity. In this article Rob Rachwald discusses an issue which is adding fuel to the fire: the growing security threat posed by mobile devices.

Read article

•Date: 16th June 2011 • Region: World •Type: Article

US Commerce Department proposes new policy framework to help protect companies where the Internet is business-critical
Aimed at businesses that rely on the Internet but which are not part of the critical infrastructure sector.

Read article

•Date: 15th June 2011 • Region: US •Type: Article

A growing threat to corporate networks: employee-owned devices
Over half of large UK businesses allow the use of employee-owned devices; but many of these are insecure and unmanaged.

Read article

•Date: 14th June 2011 • Region: UK •Type: Article

How employees’ holiday technology risks impact corporate networks
Survey reveals that over a quarter of respondents planning a trip abroad in 2011 admitted they would connect their devices to any available PC. And more than half confessed to inserting the same gadgets into their work PCs.

Read article

•Date: 3rd June 2011 • Region: UK •Type: Article

Organizations worldwide not keeping up with new security threats
73 percent of network devices analysed carry at least one known security vulnerability.

Read article

•Date: 25th May 2011 • Region: World •Type: Article

Cyber-attacks, Black Swans and business continuity management
Don’t plan for specific incidents: instead businesses need to have the right capabilities, which means training people in appropriate crisis skills. By Jim Preen.

Read article

•Date: 6th May 2011 • Region: World •Type: Article

Alarming rise in information security attacks against industrial control systems
Idappcom warns that this could be an indicator of a new attack trend.

Read article

•Date: 29th April 2011 • Region: World •Type: Article

PlayStation Network: will this be the largest online corporate disaster ever?
The crisis at Sony’s PlayStation Network has moved on from being an availability incident to a full scale corporate disaster.

Read article

•Date: 27th April 2011 • Region: World •Type: Article

ENISA issues final report on Cyber Europe 2010
Summary of lessons learned during the first pan-European cyber security exercise.

Read article

•Date: 20th April 2011 • Region: Europe / UK •Type: Article

The rise of APT
Defining Advanced Persistent Threats, by Amichai Shulman, CTO of Imperva.
Read article

•Date: 19th April 2011 • Region: World •Type: Article

Maturity model for information security management released
Enables the creation of information security management systems that are fully aligned with any organization's business mission and compliance needs.
Read article

•Date: 12th April 2011 • Region: World •Type: Article

European Commission reviews Member States' protection against cyber attacks
Report published to take stock of progress made in implementing the EU-wide 2009 action plan.

Read article

•Date: 5th April 2011 • Region: UK/Europe •Type: Article

Beware the ‘vanity attack’
Attackers are targeting individuals to gain access to corporate networks. Mickey Boodaei explains the process.

Read article

•Date: 25th March 2011 • Region: World •Type: Article

RSA breach: what are the risks?
RSA has announced that it has been the victim of an ‘extremely sophisticated’ hack which managed to breach its security. This page provides an update on the situation and various attempts at analysis of the risks the incident may pose to RSA users.

Read article

•Date: 22nd March 2011 • Region: World •Type: Article

Information Security Forum points to ‘disappearing network boundary’ as quarter of a million Google Android phones are hacked
Organizations need to start building a security model which does not rely on the network for protection.

Read article

•Date: 11th March 2011 • Region: World •Type: Article

Smartphones and enterprise systems: don’t let convenience override security considerations
Use your smartphone to log into cloud and secure systems at your peril, says Lieberman Software CEO.

Read article

•Date: 3rd March 2011 • Region: US/World •Type: Article

New NIST publication offers advice on integrating information security risk planning into mission-critical functions
‘Managing Information Security Risk: Organization, Mission, and Information System View.’

Read article

•Date: 3rd March 2011 • Region: US/World •Type: Article

EU cyber security agency warns of risks associated with new types of cookies
New generation of cookies raise online security concerns.

Read article

•Date: 22nd Feb 2011 • Region: Europe •Type: Article

Information security from a business perspective
It’s time to stop seeing information security as simply a technical issue. By Christos K. Dimitriadis, Ph.D., CISA, CISM.

Read article

•Date: 8th Feb 2011 • Region: World •Type: Article

New guide to cyber security incident management
The European Network and Information Security Agency has issued a guide on good practice, practical information and guidelines for the management of network and information security incidents by CERTs.

Read article

•Date: 21st Jan 2011 • Region: Europe / UK •Type: Article

OECD report provides a comprehensive analysis of the risks and impact of cyberattacks
Written by Peter Sommer and Ian Brown, the report is a contribution to the OECD project ‘Future Global Shocks’.

Read article

•Date: 18th Jan 2011 • Region: World •Type: Article

Weaponised malware - how criminals could use digital certificates to cripple organizations
In many companies digital certificates are an unquantified and unmanaged risk, says Jeff Hudson.

Read article

•Date: 14th Jan 2011 • Region: UK/World •Type: Article

New NIST publications provide recommendations for managing information security as a key component of mission-critical functions
Guidelines recommend an organization-wide IT security risk management approach.

Read article

•Date: 11th Jan 2011 • Region: US •Type: Article

A taxonomy of operational cyber security risks
CERT has published a technical note that attempts to identify and organize the sources of operational cyber security risk.

Read article

•Date: 4th Jan 2011 • Region: US/World •Type: Article

EU’s cyber-security agency highlights smartphone risks
A new ENISA report identifies the top security risks and opportunities of smartphone use and gives practical security advice for businesses, governments and consumers.

Read article

•Date: 14th Dec 2010 • Region: UK/Europe/World •Type: Article

US Financial Services Sector Coordinating Council signs cybersecurity research agreement with NIST, DHS
Will explore the benefits of new cybersecurity technologies and develop new processes that benefit critical financial services functions.

Read article

•Date: 10th Dec 2010 • Region: US •Type: Article

PwC comments on cyber attacks to defend WikiLeaks
“This is the first widespread fight on the Internet against repression and control.”

Read article

•Date: 10th Dec 2010 • Region: World •Type: Article

Securing privileged identities: a critical area of cloud security
As a cloud infrastructure grows, so too does the presence of unsecured privileged identities. By Phil Lieberman.
Read article

•Date: 8th Dec 2010 • Region: UK/World •Type: Article

Public and private sectors must partner on cyber security to prevent a “cyber 9/11”
Stuxnet a warning that must be acted upon, says US Homeland Security and Governmental Affairs Committee.

Read article

•Date: 19th Nov 2010 • Region: US •Type: Article

Unisys security predictions for 2011
Business continuity planning investment will grow as a defense/defence against cyber attacks.

Read article

•Date: 19th Nov 2010 • Region: US/World •Type: Article

Cybersecurity best practices and policy issues discussed at November ANSI Caucus
Continued public-private sector cooperation is critical to developing a reliable, resilient, and trusted digital infrastructure.

Read article

•Date: 18th Nov 2010 • Region: US •Type: Article

Top ten security trends for 2011
Imperva has provided its predictions for the top ten security trends for 2011.
Read article

•Date: 16th Nov 2010 • Region: US/World •Type: Article

New NIST guidance on managing WiMAX network risks
Special Publication 800-127.

Read article

•Date: 10th Nov 2010 • Region: US •Type: Article

13th annual Ernst & Young Global Information Security Survey
Emerging technology trends increase risks of protecting corporate information.

Read article

•Date: 4th Nov 2010 • Region: World •Type: Article

Security professionals are missing key information risks
Citicus is warning that financial organizations are neglecting key risks to their information systems by focusing too narrowly on technical data security controls.
Read article

•Date: 28th Oct 2010 • Region: World •Type: Article

Cyber threats to economic welfare do not stop at the public sector
UK businesses should take heed of the government’s actions in providing extra funding for cyber security, which has been highlighted as a Tier 1 (most serious) threat to UK infrastructure.
Read article

•Date: 22nd Oct 2010 • Region: UK •Type: Article

Cyberwars: a real and present danger
Businesses at risk from collateral and intentional damage.
Read article

•Date: 15th Oct 2010 • Region: US/World •Type: Article

Lost in translation
Tackling the risk of security breaches in companies is being undermined by a potentially damaging breakdown in communication between the information security function, IT and the rest of the business, new joint research by PwC and (ISC)² reveals.
Read article

•Date: 15th Oct 2010 • Region: World •Type: Article

If your head’s in the cloud, keep your feet on the ground
Cloud models and their associated risks. By Ruvi Kitov.
Read article

•Date: 13th Oct 2010 • Region: World •Type: Article

Awareness of the risks of poor information management and records keeping is rising: AIIM survey
However, a third of organizations still have no systems in place to manage and record their electronic documents.
Read article

•Date: 13th Oct 2010 • Region: World •Type: Article

Cyber threats forecast for 2011
The Georgia Tech Information Security Center has announced the release of the GTISC Emerging Cyber Threats Report for 2011.
Read article

•Date: 8th Oct 2010 • Region: World •Type: Article

Stuxnet is a malware paradigm shift: EU cyber security agency
Europe should reconsider its measures for critical information infrastructure protection in the light of Stuxnet.
Read article

•Date: 8th Oct 2010 • Region: Europe •Type: Article

State of the Internet 2010: A Report on the Ever-Changing Threat Landscape
CA Technologies report shows the rise of ‘Crimeware-as-a-Service’.
Read article

•Date: 6th October 2010 • Region: World •Type: Article

Centre for the Protection of National Infrastructure issues Stuxnet guidance
The Stuxnet attacks confirm earlier warnings of the vulnerabilities from merging engineering domains with previously separate business networks.
Read article

•Date: 5th October 2010 • Region: UK •Type: Article

Commission to boost Europe's defences against cyber-attacks
Two new measures announced.
Read article

•Date: 1st October 2010 • Region: Europe •Type: Article

Cyber Storm III completed
Participants from the US, Australia, Canada, France, Germany, Hungary, Italy, Japan, the Netherlands, New Zealand, Sweden, Switzerland, and the United Kingdom have taken part in a comprehensive cyber-incident exercise.
Read article

•Date: 1st October 2010 • Region: Various •Type: Article

New research improves ability to detect malware in cloud computing systems
North Carolina State University software addresses one of cloud computing's weak links: hypervisor integrity.
Read article

•Date: 22nd Sept 2010 • Region: US/World •Type: Article

UK out of step with the rest of the world when it comes to planned spending on information security
And business impacts of IS breaches increasing: according to 2011 PwC Global State of Information Security Survey.
Read article

•Date: 16th Sept 2010 • Region: UK •Type: Article

The buck stops here: why the CEO is responsible for everything
Ray Bryant explains why the big chair in most organizations can carry a lot more responsibility than you might think...
Read article

•Date: 9th Sept 2010 • Region: World •Type: Article

Information security starts before software purchase
CPNI has published a list of questions that procurement teams, business risk managers and information security professionals should be asking vendors to help prevent software related downtime.
Read article

•Date: 3rd Sept 2010 • Region: UK/World •Type: Article

Misconfigured networks are the main cause of breaches
According to Tufin Technologies’ annual ‘Hacking Habits’ survey.
Read article

•Date: 1st Sept 2010 • Region: World •Type: Article

Global security threats have reached record levels
IBM X-Force report reveals 36 percent rise in vulnerability disclosures for first half of 2010.
Read article

•Date: 26th August 2010 • Region: World •Type: Article

DEF CON survey looks into cloud hacking
Hackers see the cloud as full of opportunities.
Read article

•Date: 26th August 2010 • Region: World •Type: Article

GAO report finds that US public-private cybersecurity coordination is still lacking
‘Critical Infrastructure Protection: Key Private and Public Cyber Expectations Need to Be Consistently Addressed.’
Read article

•Date: 18th August 2010 • Region: US •Type: Article

The top five undiscovered vulnerabilities most commonly found on enterprise networks
At least 84 percent of enterprises lack network visibility into frequently exploited but easily remedied vulnerabilities, says Lumeta.
Read article

•Date: 4th August 2010 • Region: World •Type: Article

Cloud Security Alliance launches ‘Certificate of Cloud Security Knowledge’
Aimed at promoting secure cloud computing.
Read article

•Date: 28th July 2010 • Region: World •Type: Article

NIST publishes draft cloud computing and virtualization security guidance
Comment period runs until August 13th.
Read article

•Date: 22nd July 2010 • Region: US •Type: Article

UK Centre for the Protection of National Infrastructure publishes guide to managing online social networking risks
‘Online social networking - a good practice guide.’
Read article

•Date: 20th July 2010 • Region: UK/World •Type: Article

Winners of US National Cybersecurity Awareness Challenge announced
The Challenge, announced in March, received more than 80 proposals.
Read article

•Date: 16th July 2010 • Region: US •Type: Article

Updated computer security NIST guidelines focus on security assessment plans
Revised Guide for Assessing Security Controls in Federal Information Systems and Organizations.
Read article

•Date: 8th July 2010 • Region: US •Type: Article

‘Security awareness: Turning your people into your first line of defence’
Many companies over-confident about business continuity plans, according to Marsh survey.

Read article

•Date: 18th June 2010 • Region: World •Type: Article

A tale of two hacks
What every business continuity manager should know about advanced persistent threats and industrialized hacking.

Read article

•Date: 17th June 2010 • Region: World •Type: Article

Using new UK ICO powers as a force for change
Now is a good opportunity to focus executive management on fixing data protection holes in your organization, says Dave Tripier.

Read article

•Date: 16th June 2010 • Region: UK •Type: Article

Deloitte 2010 security survey: financial institutions making identity and access management tools their top priority
Security practices of financial institutions evolve.

Read article

•Date: 11th June 2010 • Region: World •Type: Article •Topic: Financial sector BC

Digital copiers and information security
Many organizations are unaware of the information security risks associated with copiers, fax machines and large volume printers. By Dr. Jim Kennedy.

Read article

•Date: 2nd June 2010 • Region: US/World •Type: Article

New computer security threat warning
Researchers predict new threat for wireless networks: Typhoid adware.

Read article

•Date: 25th May 2010 • Region: US/World •Type: Article

‘Security for Cloud Computing Users’: survey results
US organizations are more likely to deploy business-critical applications in the cloud than their European counterparts.

Read article

•Date: 19th May 2010 • Region: US/Europe •Type: Article

Cloud security study
IT unaware of all cloud services used in their enterprise; less than half of cloud services are vetted for security.

Read article

•Date: 13th May 2010 • Region: US •Type: Article

New study looks into network resilience of 30 European countries
Key security actors, strategies, and good practices in Europe mapped by ENISA.

Read article

•Date: 12th May 2010 • Region: UK/Europe •Type: Article

When it comes to information security many employees are ‘the enemy within’
Survey finds that many employees are generally imprudent and ambivalent when it comes to their company's overall security health.

Read article

•Date: 11th May 2010 • Region: World •Type: Article

UK IT departments losing the social media security ‘power struggle’
More than half of IT decision makers in the UK see the security threat of staff use of social media as their biggest concern, according to new research by LANDesk Software.

Read article

•Date: 6th May 2010 • Region: UK/World •Type: Article

2010 Information Security Breaches Survey results
New wave of security breaches hitting UK businesses.

Read article

•Date: 29th April 2010 • Region: UK •Type: Article

Priorities identified for future EU research into IT security
The EU’s cyber security Agency ENISA has published a new report concluding that the EU should focus its future IT security research on five areas.

Read article

•Date: 29th April 2010 • Region: UK/Europe •Type: Article

Data protection a critical business issue and not just a technology concern: but perception of data security at odds with reality
Accenture study finds gaps between business strategy, risk management, compliance reporting and IT security.

Read article

•Date: 28th April 2010 • Region: World •Type: Article

North Carolina State University research offers ‘key to resolving virtualization and cloud computing hypervisor security issues’
New ‘HyperSafe’ solution leverages existing hardware features to secure hypervisors.

Read article

•Date: 28th April 2010 • Region: US/World •Type: Article

‘The Financial Management of Cyber Risk: An Implementation Framework for CFOs’
New guidance from the Internet Security Alliance and the American National Standards Institute.

Read article

•Date: 27th April 2010 • Region: US •Type: Article

Fast pace of change in technology use is leaving businesses at risk
Cloud computing and social networking leave UK businesses highly exposed to cyber attacks, according to the 2010 Information Security Breaches Survey.

Read article

•Date: 22nd April 2010 • Region: UK/World •Type: Article

‘Growing sophistication of cyber attacks pose greatest risk to US infrastructure’: Clarus Research Group survey
Federal IT personnel believe that the possibility is ‘high’ for a cyber attack by a foreign nation in the next year.

Read article

•Date: 9th April 2010 • Region: US •Type: Article

‘Shadows In The Cloud: Investigating Cyber Espionage 2.0’
A joint report by The Information Warfare Monitor and the Shadowserver Foundation has highlighted how the public cloud is being utilised by advanced hackers.

Read article

•Date: 7th April 2010 • Region: N.America/World •Type: Article

Western organizations are ignoring iPhone security risks
Corporate network security can potentially be bypassed through iPhone use, says DeviceLock.

Read article

•Date: 30th March 2010 • Region: World •Type: Article

Council of Europe call for worldwide implementation of the Budapest Convention on cybercrime
At its recent 5th annual conference on cybercrime, the Council of Europe called for the worldwide implementation of its Convention on Cybercrime.

Read article

•Date: 26th March 2010 • Region: W.Europe •Type: Article

ISO and IEC publish new information security management systems standard
‘ISO/IEC 27003:2010, Information technology – Security techniques – Information security management system implementation guidance.’

Read article

•Date: 22nd March 2010 • Region: World •Type: Article

Will virtualization and cloud computing change how we achieve security?
By Gert Hansen, chief software architect, Astaro.

Read article

•Date: 12th March 2010 • Region: World •Type: Article

Symantec 2010 State of Enterprise Security Study
75 percent of organizations have suffered a cyber attack losing an average of $2 million annually.

Read article

•Date: 10th March 2010 • Region: World •Type: Article

The Cloud Security Challenge
The Global Security Challenge has launched a competition to discover innovative new solutions to help protect governments and enterprises as they adopt the cloud.

Read article

•Date: 4th March 2010 • Region: World •Type: Article

NIST releases ‘Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach’
Final version now available.

Read article

•Date: 4th March 2010 • Region: US •Type: Article

Top cloud security threats identified in new research report
Report published by the Cloud Security Alliance and HP.

Read article

•Date: 2nd March 2010 • Region: World •Type: Article

Document-related threats rising dramatically: IBM X-Force report
Attackers target profitable and easily executable vulnerabilities in Web browsers and document readers.

Read article

•Date: 26th Feb 2010 • Region: World •Type: Article

Fuzzing: helping to avoid zero-day attacks
What is fuzzing? Ari Takanen explains.

Read article

•Date: 23rd Feb 2010 • Region: World •Type: Article

Mobile security – the time has come for action
Advances in mobile device technology are running ahead of changes to corporate defences. By Sean Glynn.

Read article

•Date: 12th Feb 2010 • Region: UK/World •Type: Article

Cyber-war is here and the enterprise is on the frontlines
Critical infrastructure more than twice as likely to be targeted in cyber-attacks, according to ScanSafe Annual Global Threat Report.

Read article

•Date: 12th Feb 2010 • Region: World •Type: Article

IT security 2010
Stonesoft warns of heightened risk.

Read article

•Date: 5th Feb 2010 • Region: World •Type: Article

NIST issues expanded draft of Smart Grid Cyber Security Strategy
Draft for public review and comment; includes more detailed technical inputs.

Read article

•Date: 4th Feb 2010 • Region: US •Type: Article

APRA releases guidance on the management of security risk in information and information technology
Aims to target areas where APRA’s ongoing supervisory activities continue to identify weaknesses.

Read article

•Date: 3rd Feb 2010 • Region: Australia •Type: Article

UK Security Breach Investigations Report 2010 published
A report summarising analysis of data compromise cases has been released by Computer Security and Forensics consulting firm 7Safe and the University of Bedfordshire. Anonymised data has been analysed from over 60 computer forensic investigations undertaken by 7Safe. Entitled ‘The UK Security Breach Investigations Report’, it is available from www.7Safe.com/breach_report
•Date: 3rd Feb 2010 • Region: UK •Type: Briefing

Cloud computing changing the risk landscape
However, little or no consideration has gone into evaluating and mitigating the risks.

Read article

•Date: 26th Jan 2010 • Region: UK •Type: Article

Fifth annual Worldwide Infrastructure Security Report
Finds service and application-layer attacks replace large scale botnet-enabled attacks as top operational threat.

Read article

•Date: 21st Jan 2010 • Region: World •Type: Article

