INFORMATION SECURITY MANAGEMENT: ARTICLES

NIST publishes guidance on supply chain risk management practices What are nation state information security attacks really telling us? Many organizations still vulnerable to Heartbleed FFIEC issues cyber attacks advice DDoS attacks increasing as a business continuity threat to EMEA organizations Organizations fear the Cryptoapocalypse Boards must up their game before the hackers claim checkmate Why security need not stifle agility ASIC issues major cyber resilience report Survey highlights DDoS impacts Survey finds that good information security is a positive business benefit Apple and Microsoft issue FREAK fixes Don’t panic! Six steps for surviving your first data breach Social messaging and file-sharing content is left unmanaged in a third of firms: AIIM study Organizations still leaving security gaps unfilled Information security management is changing: Gartner The 2015 Cyber Risk Report Endpoint Protection: Attitudes and Trends 2015 Bank cyber-attacks highlight the need for ‘war games’ The limits of prevention-centric information security programs highlighted NIST Industrial Control Systems Security Guide update published for final public review How much could a DDoS attack cost your business? Seven things you need to know about the ‘GHOST’ vulnerability The 10th Annual Worldwide Infrastructure Security Report Information security: why we should talk about incident response President Obama proposes ‘Enabling Cybersecurity Information Sharing’ legislation IBM study: number of cyber attacks on retailers drops by half in 2014 compared to 2012 Cybersecurity predictions for 2015 If you doubted that information security was a business continuity issue consider a four letter word: Sony What can you do to make sure your organization is not the next Sony?
2015 cyber risk and data protection predictions Shaping mobile security Security predictions for 2015 British companies at risk of becoming cyber-dominoes Badly managed access rights put critical data at risk Blind faith in security standards could create cyber vulnerabilities UK businesses ‘sleepwalking into reputational time bomb’: BSI Four questions to consider when building a security platform SolarWinds survey points to a false sense of security in UK organizations You can't always stop a breach: but you should always be able to spot one Despite the hype ‘encrypted’ does not equal ‘safe’ Defending the firewall What you need to know about ‘WinShock’ Less than half of critical business data in UK organizations is secure: survey University of Maryland experts discover lapses in Heartbleed bug fix FFIEC releases cybersecurity assessment observations ISM: ‘detect and respond’ is no silver bullet Many organizations are still unprepared for cyber attacks Have we learnt from our Heartbleed mistakes? Majority of IT security professionals are ‘naïve’ when it comes to perimeter security Lack of IT policies on devices putting companies at risk Reducing the risk that your people pose to your organization Cybersecurity incidents more frequent and costly: but budgets decline All you need to know about the Bash vulnerability Bash vulnerability views Trends that will reshape organizational security Awareness of information security threats growing; but organizations struggle to manage the risks Increasing complexity of cyber attacks leaves many organizations exposed SANS updates information security policy templates library To deter cyber attacks, build a public-private partnership Managing mobile device risks Risky Business: The State of Mobile Security in the UK How quickly can organizations detect a data breach on critical systems? 
Active risk management: defending against the cyber storm 70 percent of Internet of Things devices vulnerable to attack: HP study International tensions heighten cyber security risks: KPMG Fear of downtime resulting in poor password management Factor security into application release automation or face severe disruption cautions Tufin CTO Russia sanctions could spark a cyber-war Employees are the most frequent point of failure when it comes to information security Information risk management lessons The 2014 Cyber Defence Maturity Report Protecting business-critical information in virtual environments Point of sale systems are a weak link in the information security chain Reaction against scaremongering may be resulting in boards not taking cyber risks seriously enough DDoS attacks are becoming more effective at causing downtime Lessons learned from Heartbleed Exploring cyber blackmail attack issues Employee attitudes to wi-fi security put businesses at risk Cyber risk oversight guidance for corporate directors Boards failing to take ownership of cyber risks The 2014 Information Maturity Risk Index Bank of England launches CBEST framework to test and improve financial sector cyber resilience How to avoid big data security chaos Fear of reputational damage driving data protection compliance An introduction to the Mission Risk Diagnostic for Incident Management Capabilities 2014 US State of Cybercrime Survey A Taxonomy of Operational Cyber Security Risks Traditional approaches to cybersecurity ‘no longer work’ US retailers launch ‘Retail Cyber Intelligence Sharing Center’ Back to basics… Cyber security being superseded by ‘cyber resilience’ ‘Rogue employees’ are the biggest threat to information security Check Point 2014 Security Report identifies ‘exponential increase in new and unknown malware on enterprise networks’ Linking ISM and BCM brings real business benefits: Ponemon survey The Information Security Breaches Survey 2014 Integrating cyber security and 
business continuity Data breaches surge in 2014 New Internet Explorer vulnerability requires immediate action Reducing threats from within the organization Companies warned not to let Heartbleed affect HR and payroll New Ponemon study ‘finds massive overconfidence in enterprise security strength’ What do business continuity managers need to know about Heartbleed? UN agency launches study to assess status of cybersecurity worldwide DDoS: a seven-point action plan Data security: risk and prevention for financial firms 2014 Global Threat Intelligence Report Has cyber security awareness improved among the largest UK businesses? The top six ways to encrypt sensitive data on AWS 83 percent of businesses are not fully prepared for an online security incident: Economist Intelligence Unit Next generation industrial control systems create ‘open invitation’ for hackers Less risk, more reward FBI Director highlights cyber threat growth Proper information security only comes by being truthful SANS Institute survey highlights the scale of the information security challenge The weak link in the chain… UK companies lag behind the US in cyber security readiness Change detection technology has changed: for the better The top enterprise security threats Bank of England publishes Waking Shark II report UK organizations leaving the door open for information security attacks due to failures in staff training Network security’s ticking time-bomb Mobile applications increasingly being used for DDoS attacks Key information protection and governance trends Four enterprise IT predictions for 2014 The Kroll 2014 cyber security forecast Businesses remain ill prepared to protect themselves against DDoS threats Social engineering: understanding the threat Top cyber-threats listed in ENISA Threat Landscape Report Softening the business impact of security management Ten questions that board members should ask about information security Cyber attacks: the worst is yet to come Resilience Metrics for 
Cyber Systems Information security in 2014 PCI DSS Version 3.0: new standard but same problems? How to implement a cyber incident response plan Prolexic advises against a multi-layered strategy to block DDoS attacks Information security management in the industrial sector FUD causing poor information security decision making Version 3.0 of the PCI Data Security Standard and Payment Application Data Security Standard published Emerging Cyber Threats Report 2014 Are enterprises losing the cyber-war? ‘Security Policy Orchestration: Supporting Tomorrow’s Networks’ The last rites of traditional IT security Coordinating security response and crisis management planning Security officers gaining a strategic voice: IBM Study Plan to fail for better security and continuity New ENISA white paper: Can we learn from industrial control systems/SCADA security incidents? Time to resolve cyber-attacks more than doubles: Ponemon Institute survey Operation Waking Shark 2 to test UK financial sector’s cyber-security defences and response mechanisms The majority of IT security professionals expect a state-sponsored cyber attack in the next six months Emerging wireless risks to consider Majority of technology companies view cyber security as a serious threat to business continuity Revised BS ISO/IEC 27001 and BS ISO/IEC 27002 standards now available UK Centre for the Protection of National Infrastructure issues spear phishing guidance ENISA highlights the threat of multi-pronged large impact cyber-attack events Security concerns emerge with the new gTLDs October will be the first ‘European Cyber Security Month’ The growing threat from state-sponsored cyberattacks Ten things IT should be doing to protect your data: but probably isn’t New York Times hack highlights a resiliency weak point shared by many organizations Insider Threat Attributes and Mitigation Strategies Four steps for denying DDoS attacks 2013 version of ISO/IEC 27001 on target for October release Implementing a good 
information security program When it comes to network security do enterprises have their head in the sand? Report looks at live threat intelligence trends Research highlights the risks that organizations are taking with Java Boardroom Cyber Watch 2013: survey results How to avoid the complexity risks associated with next-generation firewalls Cyber threats: a new mindset is required How DDoS attackers can turn mitigation devices against you The beginning of the end for firewalls? Survey looks at risk based security management NIST consults on ways to speed-up computer security incident team responses Maintaining availability: the importance of DDoS defences in business continuity planning New PAS 555 specification will help organizations manage cyber security The 2013 Information Risk Maturity Index Immature approach to cyber threats placing organizations at risk: Marsh How to get your company board to consider cyber threats as part of corporate risk and business decisions The Impact of Mobile Devices on Information Security: survey report Android antiviral products easily evaded: Northwestern University study Emulating the enemy Majority of organizations underestimate scope of privileged account security risk: survey CPNI publishes research into insider threats NIST issues major revision of core computer security guide Printers, routers and other Internet-enabled devices being hijacked to participate in cyber attacks Results of the 2013 Information Security Breaches Survey published The State of Network Security 2013 ENISA analyses the Spamhaus attack An increase in mobile targeted threats is putting organizations at risk of cyber-espionage How the biggest DDOS attack in history highlights interdependencies UK government launches public-private sector information sharing partnership on cyber security APT attacks clarified Cyber attacks – a new edge for old weapons US GAO reports on cybersecurity Consensus at RSA Conference 2013: PKI is under attack UK Cabinet 
Office requests feedback on cyber security organizational standards Five easy steps for implementing a data classification policy Oil and gas process control systems increasingly at risk from cyber attacks Cyber attacks on Australian business more targeted and coordinated Cyber threats require a risk management approach One in five enterprises have experienced an APT attack: ISACA survey A tiered approach to BYOD control European Commission publishes cybersecurity strategy Many companies do not give sufficient attention to cyber risks Virtual servers are a weak link in data security management UK signs up to World Economic Forum Cyber Resilience Partnership Cyber security needs to be a board level issue Radware releases global security report Large-scale DDoS attacks grow bigger and more diversified ENISA reports on Cyber Threat Landscape While you are away for Christmas, who has access to your network and data? The low hanging fruit of IT security Antivirus solutions ‘woefully inadequate’ says Imperva report Three security hurdles to overcome when shifting from enterprise-owned devices to BYOD Taking the UK Cyber Security Strategy forward The Top ten financial services cyber risk trends for 2013 Combatting cyber-attacks with honeypots Cyber threats forecast for 2013 NIST releases draft guidelines to secure mobile devices Could your employees detect and deflect a spear phishing attack? 
Information security: fundamental change required When it comes to data protection: don’t forget about paper ‘An Inside Track on Insider Threat’ The threat of targeted cyber attacks is growing for businesses Survey shows cybersecurity complacency ISO standard for cybersecurity published The 2012 Cost of Cyber Crime Study Running lights out management without putting your organization’s lights out permanently DDoS attacks reach new level of size and sophistication How to ensure that information security is fit for purpose Mobile Device Management: Key Components, V1.0 New NIST publication provides guidance for IT risk assessments CERT-EU becomes a permanent aspect of EU cyber threat response The 2012 Global Financial Services Industry Security Study: Breaking Barriers BYOD out of control in many organizations UK government publishes cyber security guidance for businesses Digital forensics and its role in protecting the enterprise Reported data breaches rise 1000 percent in five years Hacktivism proves to be a very real threat to business continuity Bring Your Own Device: ‘the most radical shift in enterprise client computing since the introduction of the PC’ ENISA conducts a gap analysis of European cyber security legislation Mitigating the impacts of social engineering attacks Final version of updated NIST Computer Security Incident Handling Guide now available US cybersecurity legislation blocked IBM takes on Advanced Persistent Threats Big data analytics can help reduce cyber security risks NIST seeks comments on updates to guidance on network attacks and malware European Commission consults on future EU Network and Information Systems legislation International cybersecurity research roadmap launched ISACA issues COBIT 5 for Information Security ENISA calls for kick-start in cyber insurance market Do as I say, not as I do... 
‘First generation’ BYOD workers pose serious security challenges to corporate IT systems Half of UK companies failing to heed security breach warnings BYOD is top concern for enterprise mobile security: Gartner survey BYOD: it’s time to throw out the rule book Cyber risk remains misunderstood despite growing concern among risk managers: Marsh Cyber resilience needs to be top priority for CEOs: World Economic Forum Google sync feature creates new information security risk Information Security Forum warns of increase in sophisticated state-sponsored cyber attacks in the wake of Flame ISACA issues guidance on virtualized desktop infrastructure (VDI) Information management at the crossroads: is it time for ‘corporate information responsibility’? ‘How Boards & Senior Executives Are Managing Cyber Risk’ The role of the chief information security executive is changing Australian businesses given data breach crisis management advice Survey looks into bring your own device trends US GAO reports on ‘Cybersecurity: Threats Impacting the Nation’ The 2012 Information Security Breaches Survey Data protection lessons not being learned Inadequate security on mobile phones and tablets exposes UK businesses to massive risk: new research by PwC/InfoSecurity Europe Threat Horizon 2014 The top 10 list for winning the battle against insider threats So you think SharePoint is secure? Think again! The Information Risk Maturity Index Standards for cyber security testing to be introduced in Australia NIST publishes guidance on wireless local area network security NIST revision of SP 800-53 addresses current cybersecurity threats What’s missing from DLP? 
One in three companies experienced at least one DDoS attack in the last twelve months The new EU data protection guidelines NIST gives more details about National Cybersecurity Center of Excellence The CERT Guide to Insider Threats: new book Report ‘debunks prevailing myths about distributed denial of service (DDoS) attacks’ World Economic Forum launches ‘Risk and Responsibility in a Hyperconnected World: Principles and Guidelines’ IBM launches new software to help organization control the influx of mobile devices to the workplace ‘Cyber Security Strategies: Achieving Cyber Resilience’ PwC highlights cyber attack realities in Davos European Commission publishes new data protection proposals SharePoint users develop insecure habits Twenty critical controls for effective cyber defence 2012 IT security predictions: blanket encryption or apocalypse now Industrial control systems: recommendations for improving security Information security trends for 2012 How to detect and stop corporate espionage 2012 security predictions Managing the risks of information leakage The DigiNotar, Comodo and RSA breaches: what have we learned? 
New NIST tool helps organizations meet HIPAA requirements Security trends for 2012 New ISO/IEC technical report provides information security control guidelines 14th Annual Global Information Security Survey: Companies rush to adopt new technologies leaving security threats as an after-thought NIST releases update to smart grid roadmap Information Security Governance – raising the game Majority of US small businesses ‘suffer from false sense of cyber security’: survey The Duqu virus explored ISO officially launches ISO/IEC 27035:2011 Certificate management explored Zero-day threats may be exaggerated Cyber threats forecast for 2012 US public/private leaders collaborate on ways to fight botnets Smartphones and enterprise security 2011 is the ‘Year of the Security Breach’ according to IBM X-Force report ‘An Anatomy of a SQL Injection Attack’ Social engineering risks explored Understanding the correlation between data leakage and the security mission New from NIST: Guide for Conducting Risk Assessments The dawn of the cyber savvy CEO Companies ignore e-crime insurance despite growing risk Cybercrime rises up the boardroom agenda Emerging mobile culture threatening UK businesses HP publishes ‘Second Annual Cost of Cyber Crime Study’ EU cyber-security agency flags urgent security fixes for new web standards/HTML5 US-CERT issues ‘Security Recommendations to Prevent Cyber Intrusions’ Hacktivism and the lessons learned from LulzSec The mobile security conundrum Mobile security reaching a tipping point for organizations US Commerce Department proposes new policy framework to help protect companies where the Internet is business-critical A growing threat to corporate networks: employee-owned devices How employees’ holiday technology risks impact corporate networks Organizations worldwide not keeping up with new security threats Cyber-attacks, Black Swans and business continuity management Alarming rise in information security attacks against industrial control systems 
PlayStation Network: will this be the largest online corporate disaster ever? ENISA issues final report on Cyber Europe 2010 The rise of APT Maturity model for information security management released European Commission reviews Member States' protection against cyber attacks Beware the ‘vanity attack’ RSA breach: what are the risks? Information Security Forum points to ‘disappearing network boundary’ as quarter of a million Google Android phones are hacked Smartphones and enterprise systems: don’t let convenience override security considerations New NIST publication offers advice on integrating information security risk planning into mission-critical functions EU cyber security agency warns of risks associated with new types of cookies Information security from a business perspective New guide to cyber security incident management OECD report provides a comprehensive analysis of the risks and impact of cyberattacks Weaponised malware - how criminals could use digital certificates to cripple organizations New NIST publications provide recommendations for managing information security as a key component of mission-critical functions A taxonomy of operational cyber security risks EU’s cyber-security agency highlights smartphone risks US Financial Services Sector Coordinating Council signs cybersecurity research agreement with NIST, DHS PwC comments on cyber attacks to defend WikiLeaks Securing privileged identities: a critical area of cloud security Public and private sectors must partner on cyber security to prevent a “cyber 9/11” Unisys security predictions for 2011 Cybersecurity best practices and policy issues discussed at November ANSI Caucus Top ten security trends for 2011 New NIST guidance on managing WiMAX network risks 13th annual Ernst & Young Global Information Security Survey Security professionals are missing key information risks Cyber threats to economic welfare do not stop at the public sector Cyberwars : a real and present danger Lost in translation 
If your head’s in the cloud, keep your feet on the ground Awareness of the risks of poor information management and records keeping is rising: AIIM survey Cyber threats forecast for 2011 Stuxnet is a malware paradigm shift: EU cyber security agency State of the Internet 2010: A Report on the Ever-Changing Threat Landscape Centre for the Protection of National Infrastructure issues Stuxnet guidance Commission to boost Europe's defences against cyber-attacks Cyber Storm III completed New research improves ability to detect malware in cloud computing systems UK out of step with the rest of the world when it comes to planned spending on information security The buck stops here: why the CEO is responsible for everything Information security starts before software purchase Misconfigured networks are the main cause of breaches Global security threats have reached record levels DEF CON survey looks into cloud hacking GAO report finds that US public-private cybersecurity coordination is still lacking The top five undiscovered vulnerabilities most commonly found on enterprise networks Cloud Security Alliance launches ‘Certificate of Cloud Security Knowledge’ NIST publishes draft cloud computing and virtualization security guidance UK Centre for the Protection of National Infrastructure publishes guide to managing online social networking risks Winners of US National Cybersecurity Awareness Challenge announced Updated computer security NIST guidelines focus on security assessment plans ‘Security awareness: Turning your people into your first line of defence’ A tale of two hacks Using new UK ICO powers as a force for change Deloitte 2010 security survey: financial institutions making identity and access management tools their top priority Digital copiers and information security New computer security threat warning ‘Security for Cloud Computing Users’: survey results Cloud security study New study looks into network resilience of 30 European countries When it comes to 
information security many employees are ‘the enemy within’ UK IT departments losing the social media security ‘power struggle’ 2010 Information Security Breaches Survey results Priorities identified for future EU research into IT security Data protection a critical business issue and not just a technology concern: but perception of data security at odds with reality North Carolina State University research offers ‘key to resolving virtualization and cloud computing hypervisor security issues’ ‘The Financial Management of Cyber Risk: An Implementation Framework for CFOs’ Fast pace of change in technology use is leaving businesses at risk ‘Growing sophistication of cyber attacks pose greatest risk to US infrastructure’: Clarus Research Group survey ‘Shadows In The Cloud: Investigating Cyber Espionage 2.0’ Western organizations are ignoring iPhone security risks Council of Europe call for worldwide implementation of the Budapest Convention on cybercrime ISO and IEC publish new information security management systems standard Will virtualization and cloud computing change how we achieve security? Symantec 2010 State of Enterprise Security Study The Cloud Security Challenge NIST releases ‘Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach’ Top cloud security threats identified in new research report Document-related threats rising dramatically: IBM X-Force report Fuzzing: helping to avoid zero-day attacks Mobile security – the time has come for action Cyber-war is here and the enterprise is on the frontlines IT security 2010 NIST issues expanded draft of Smart Grid Cyber Security Strategy APRA releases guidance on the management of security risk in information and information technology UK Security Breach Investigations Report 2010 published Cloud computing changing the risk landscape Fifth annual Worldwide Infrastructure Security Report