IT governance
IT governance provides the core workflows and processes that help IT managers to oversee the successful functioning of the IT department, and to prove the value of IT to the business. Regulations and compliance are just as important as technological and management skills, and we highlight the best practice in IT governance and the example of successful IT leaders.
-
News
20 Nov 2024
ORG urges ICO to revise public sector enforcement approach
The Open Rights Group is urging the Information Commissioner’s Office to revise its light touch approach to public sector data protection issues, arguing that its experimental policy of limiting its enforcement actions to reprimands and notices, rather issuing fines, is allowing bad practices to continue largely unabated Continue Reading
-
News
20 Nov 2024
Apple addresses two iPhone, Mac zero-days
Two zero-day vulnerabilities uncovered in Apple’s operating systems could have allowed for arbitrary code execution and cross-site scripting attacks Continue Reading
-
News
22 Jul 2024
CrowdStrike chaos shows risks of concentrated ‘big IT’
The concentration of so much mission-critical technology in the hands of a few large suppliers makes incidents like the Microsoft-CrowdStrike outage all the more dangerous Continue Reading
-
News
22 Jul 2024
Ed Davey and Jo Swinson ‘handled’ by civil servants in Post Office cover-up, says Sir Alan Bates
Evidence in public inquiry revealed how ministers in charge of Post Office were left in the dark at a time when campaigners, MPs and journalists were looking for answers Continue Reading
-
Opinion
22 Jul 2024
Fundamental guardrails to address AI risk and value
Leveraging existing governance approaches and current success will make AI governance less daunting while supporting business goals Continue Reading
-
Feature
18 Jul 2024
Kubernetes at 10: From stateless also-ran to ‘platform to build platforms’
Sergey Pronin of Percona was all for ‘Kubernetes for stateless’ at a time when it was hard to provision storage and day-two services – then Operators and Stateful Sets came along Continue Reading
-
News
17 Jul 2024
UK Cyber Bill teases mandatory ransomware reporting
In the Cyber Security and Resilience Bill introduced in the King's Speech, the UK's new government pledges to give regulators more teeth to ensure compliance with security best practice and to mandate incident reporting Continue Reading
-
News
17 Jul 2024
Hackney Council reprimanded over 2020 ransomware attack
The London Borough of Hackney has been reprimanded by the ICO over a series of failures that led to a devastating cyber attack, but at the same time, the regulator praised the local authority for its response and commitment to making improvements Continue Reading
-
News
16 Jul 2024
Strategic Defence Review must emphasise cyber security, says industry
Cyber security leaders say the new government's Strategic Defence Review needs to put digital security front and centre Continue Reading
-
News
16 Jul 2024
CMA looks deeper into Microsoft’s AI hirings
Microsoft recently hired two former co-founders of AI specialist Inflection AI, and signed a deal to host the company’s AI model on Azure Continue Reading
-
News
15 Jul 2024
NHS Trusts cancelled over 6,000 appointments after Qilin cyber attack
The two NHS Trusts most heavily impacted by the Qilin ransomware attack on pathology services provider Synnovis have cancelled over 6,000 appointments and procedures in the past five weeks Continue Reading
-
News
15 Jul 2024
How Snowflake is tackling AI challenges
Snowflake’s regional leader Sanjay Deshmukh outlines how the company is helping customers to tackle the security, skills and cost challenges of AI implementations Continue Reading
-
News
15 Jul 2024
Civil servant said subpostmasters’ threat of legal action was ‘sabre-rattling’
Post Office scandal public inquiry hears damning evidence capping off a bad week for the reputation of high-profile civil servants Continue Reading
-
News
12 Jul 2024
AT&T loses ‘nearly all’ phone records in Snowflake breach
Hackers have stolen records of virtually every call made by AT&T's customers during a six-month period in 2022, after compromising the US telco's Snowflake data environment Continue Reading
-
News
12 Jul 2024
Public awareness of ID security grows, but big obstacles remain
Consumers are improving their awareness of the issues around digital identity security, but there are still some big issues preventing many from doing better, according to an Okta report Continue Reading
-
News
12 Jul 2024
IBM: Reimagine processes to unlock AI’s value
Asia-Pacific organisations must reimagine processes for AI success, says IBM’s general manager for the region, Paul Burton Continue Reading
-
News
11 Jul 2024
Dutch research firm TNO pictures the SOC of the future
In only a few years, security operations centres will have a different design and layout, and far fewer will remain Continue Reading
-
News
10 Jul 2024
The security interview: Managing the ‘no’ mindset
Matt Riley, data protection and information security officer at Sharp Europe, discusses balancing cyber risks with business leaders’ goals Continue Reading
-
News
09 Jul 2024
Hyper-V zero-day stands out on a busy Patch Tuesday
Microsoft has fixed almost 140 vulnerabilities in its latest monthly update, with a Hyper-V zero-day singled out for urgent attention Continue Reading
-
News
09 Jul 2024
Chinese spies target vulnerable home office kit to run cyber attacks
China’s APT40 is ramping up targeting of victims using vulnerable small and home office networking kit as command and control infrastructure, according to an international alert Continue Reading
-
News
09 Jul 2024
Lessons from war: How Israel is fighting Iranian state-backed hacking
The general director of the Israel National Cyber Directorate talks about the rise in cyber attacks and what lessons the country has gleaned to defend against hacking from foreign parties Continue Reading
-
Opinion
09 Jul 2024
Automating public services - a careful approach
Automation is increasingly integrated into public services, promising enhanced efficiency, cost savings, and improved service quality Continue Reading
-
News
09 Jul 2024
Revamped DSIT to transform digital public services, says government
The incoming government sets out preliminary plans to conduct a major revamp and relaunch of the Department for Science, Innovation and Technology Continue Reading
-
News
08 Jul 2024
Synnovis attack highlights degraded, outdated state of NHS IT
More cyber attacks against the health service are likely, and will succeed if something isn’t done to address the increasingly elderly NHS IT estate, experts are warning Continue Reading
-
News
03 Jul 2024
NCA’s Operation Morpheus targets illicit Cobalt Strike use
International law enforcement operation targets cyber criminals using the Cobalt Strike penetration testing framework for dodgy purposes Continue Reading
-
News
03 Jul 2024
Former Post Office chair 'regrets' keeping critical Horizon report secret
Tim Parker, chairman of the Post Office from 2015 to 2022, admits he should not have accepted legal advice to prevent release of a review that could have supported victims of the Horizon scandal Continue Reading
-
Opinion
03 Jul 2024
Cyber Essentials at 10: Success or failure?
The Cyber Essentials scheme passed its 10th anniversary in June 2024. CyberSmart's Adam Pilton reflects on progress and argues that more needs to be done to raise security awareness among Britain's small business community Continue Reading
-
Opinion
02 Jul 2024
Security Think Tank: Securing today's ubiquitous cloud environment
The Computer Weekly Security Think Tank considers how CISOs and security practitioners should ensure that the business can make use of public cloud services safely and securely and avoid accidental or deliberate data leakage Continue Reading
-
Feature
01 Jul 2024
Security in the public cloud explained: A guide for IT and security admins
In this guide, IT security and industry experts share their top recommendations for protecting public cloud deployments Continue Reading
-
Feature
27 Jun 2024
7 supply chain resilience strategies to use now
Weather events, geopolitical unrest and other disruptions are occurring more frequently. These seven supply chain resilience techniques can help manage them. Continue Reading
-
News
27 Jun 2024
Gulf Edge to operate Google Distributed Cloud in Thailand
The Gulf Energy subsidiary will offer Google’s sovereign cloud service in Thailand with a focus on air-gapped configurations Continue Reading
-
News
26 Jun 2024
Police Scotland did not consult ICO about high-risk cloud system
Police Scotland chose not to formally consult with the data regulator about the risks identified with a cloud-based digital evidence sharing system, while the regulator itself did not follow up for nearly three months Continue Reading
-
News
25 Jun 2024
NHS experts raise warning over patient data breach risk in registries project
Clinicians warn that the NHS England Outcome Registries Platform has poor security and is vulnerable to cyber attack, putting critical patient data at risk of being exposed Continue Reading
-
News
24 Jun 2024
Sellafield pleads guilty to criminal charges over cyber security
Nuclear Decommissioning Authority-backed organisation Sellafield Ltd pleads guilty to criminal charges brought over significant cyber security failings that could have compromised sensitive nuclear information Continue Reading
-
Opinion
24 Jun 2024
AI and outsourcing: What’s the future for relationships and contracts? (Part two)
In the second part of this two-part series, two technology lawyers offer guidance on what the integration of artificial intelligence in IT outsourcing and business process outsourcing will mean for customers and providers in outsourcing relationships and contracts Continue Reading
-
News
21 Jun 2024
Qilin ransomware gang publishes stolen NHS data online
The ransomware gang behind a major cyber attack on NHS supplier Synnovis has published a 400GB trove of private healthcare data online Continue Reading
-
News
21 Jun 2024
Executive interview: Open models pros and cons
We speak to Meta’s vice-president of AI research about recent publicly released research and models, and the role of closed AI models Continue Reading
-
News
21 Jun 2024
ICO police cloud guidance released under FOI
Long-awaited guidance from the UK data regulator on police cloud deployments highlights some potential data transfer mechanisms it thinks can clear up ongoing legal issues, but tells forces it’s up to them to decide if the measures would work Continue Reading
-
Opinion
19 Jun 2024
Why AI is talking politics this year
AI is already playing a part in this year’s General Election - for good and bad Continue Reading
-
News
19 Jun 2024
Microsoft admits no guarantee of sovereignty for UK policing data
Documents show Microsoft’s lawyers admitted to Scottish policing bodies that the company cannot guarantee sensitive law enforcement data will remain in the UK, despite long-standing public claims to the contrary Continue Reading
-
Opinion
18 Jun 2024
We need a judge-led inquiry into police spying on journalists and lawyers
When journalists Barry McCaffrey and Trevor Birney were wrongly arrested in 2018, their case led to the discovery of a widespread police surveillance operation targeting journalists and lawyers in Northern Ireland. Barry McCaffrey tells the story Continue Reading
-
News
17 Jun 2024
Artificial intelligence to make Olympic Games more inclusive
The International Olympic Committee is working with Intel to use AI at the Paris Olympic and Paralympic Games Continue Reading
-
Opinion
17 Jun 2024
Cloud security: Finding the right provider to protect your data
This month, the Computer Weekly Security Think Tank considers how CISOs and security practitioners should ensure that the business can make use of public cloud services safely and securely and avoid accidental or deliberate data leakage. Continue Reading
-
Feature
17 Jun 2024
Autonomous weapons systems defy rigid attempts at arms control
In an ever more dangerous world, the technology is outpacing diplomacy and holds clear strategic value. Retaining human control over its use will require embracing imperfect solutions Continue Reading
-
Opinion
17 Jun 2024
Gartner: Navigating incident response in the cloud
In the rapidly evolving landscape of cloud security, incident response strategies must be as dynamic and flexible as the environments they protect Continue Reading
-
News
13 Jun 2024
AI’s environmental cost could outweigh sustainability benefits
Artificial intelligence can help organisations manage and mitigate their environmental impacts in a number of ways, but the highly polluting nature of the technology could outweigh its other sustainability benefits if not dealt with Continue Reading
-
News
13 Jun 2024
Black Basta ransomware crew may be exploiting Microsoft zero-day
A Microsoft vulnerability that was addressed without fanfare in March may in fact have been exploited as a zero-day by the notorious Black Basta ransomware gang, threat hunters warn Continue Reading
-
Opinion
13 Jun 2024
Data leakage in the cloud – can data truly be safe in the cloud?
This month, the Computer Weekly Security Think Tank considers how CISOs and security practitioners should ensure that the business can make use of public cloud services safely and securely and avoid accidental or deliberate data leakage. Continue Reading
-
News
13 Jun 2024
Q&A: Adalbjorn Thorolfsson on IT project management in Iceland
With a small, but very sophisticated population, Iceland has unique ways of keeping up with the rest of the world in the IT sector. Adalbjorn Thorolfsson, president of the Icelandic Project Management Association, describes some lessons for the rest of the world Continue Reading
-
Opinion
12 Jun 2024
How to ensure public cloud services are used safely and securely
This month, the Computer Weekly Security Think Tank considers how CISOs and security practitioners should ensure that the business can make use of public cloud services safely and securely and avoid accidental or deliberate data leakage. Continue Reading
-
News
11 Jun 2024
PSNI ran secret unit to monitor journalists’ and lawyers’ phones, claims former senior officer
The Police Service of Northern Ireland denies claims that its anti-corruption unit used a standalone computer to ‘avoid scrutiny and control’ Continue Reading
-
Opinion
11 Jun 2024
True cloud security requires in-depth understanding
This month, the Computer Weekly Security Think Tank considers how CISOs and security practitioners should ensure that the business can make use of public cloud services safely and securely and avoid accidental or deliberate data leakage. Continue Reading
-
News
11 Jun 2024
More than 160 Snowflake customers hit in targeted data theft spree
Mandiant reports that more than 160 Snowflake customers have been hit in a broad data theft and extortion campaign targeting organisations that have failed to pay proper attention to securing valuable credentials Continue Reading
-
News
10 Jun 2024
NHS blood stocks running low after ransomware attack
The NHS is appealing for people with O Positive and O Negative blood types to come forward to donate as hospitals in London struggle to keep critical services running after ransomware attack Continue Reading
-
News
10 Jun 2024
AI firms can’t be trusted to voluntarily share risk information
Workers at frontier AI firms have warned that their employers – including OpenAI, DeepMind and Anthropic – can’t be trusted to voluntarily share information about their systems capabilities and risks with governments or civil society Continue Reading
-
News
10 Jun 2024
Driving customer experience through cloud and AI
Autodesk’s global CIO Prakash Kota explains how the company is modernising its IT infrastructure and adopting cloud and AI to drive customer experience Continue Reading
-
News
07 Jun 2024
DDoS gang threatens to disrupt European elections
Russian hacktivists are threatening to disrupt the European Parliament elections, while the BBC reports on new deepfake threats to the UK’s electoral process Continue Reading
-
News
07 Jun 2024
Bitdefender makes MDR services free to NHS bodies hit by Qilin
Bitdefender offers NHS bodies affected by a major cyber incident free access to its product suite, as the health service continues to deal with the impact of the Qilin ransomware attack on partner Synnovis Continue Reading
-
News
07 Jun 2024
Rapid AI development poses supervisory challenges in the Netherlands
In the Netherlands, the financial regulator and the monetary authority are grappling with the pace of artificial intelligence development and its implications for the financial industry Continue Reading
-
News
05 Jun 2024
Qilin ransomware gang likely behind crippling NHS attack
Security experts investigating a major cyber attack on an NHS partner that has caused frontline services across South London to grind to a halt say the Qilin ransomware gang appears to be the culprit Continue Reading
-
News
05 Jun 2024
Lack of upfront specifications kill agile projects
Research shows there is a high chance of failure when a software development project begins without a specification being signed off Continue Reading
-
Opinion
04 Jun 2024
Security Think Tank: The cloud just got more complicated
This month, the Computer Weekly Security Think Tank considers how CISOs and security practitioners should ensure that the business can make use of public cloud services safely and securely and avoid accidental or deliberate data leakage. Continue Reading
-
News
04 Jun 2024
Invasive tracking ‘endemic’ on sensitive support websites
Websites set up by police, charities and universities to help people get support for sensitive issues like addiction and sexual harassment are deploying tracking technologies that harvest information without proper consent Continue Reading
-
Opinion
04 Jun 2024
Building a more secure, and sustainable, open source ecosystem
In April 2024, the discovery of an intentionally-placed backdoor in the open source XZ Utils data compression caused concern. Sentry's Chad Whitacre says a more thoughtful approach is needed to balance the individual freedom and creativity of open source, with more rigorous security practice. Continue Reading
-
News
04 Jun 2024
NHS services at major London hospitals disrupted by cyber attack
A major cyber attack at NHS services provider Synnovis is disrupting frontline care at hospitals across London Continue Reading
-
Opinion
04 Jun 2024
Uncomfortable truth about agile transformations
With 94% of all agile transformations failing, we look at some engineering practices that promise to cut software project failure rates Continue Reading
-
News
04 Jun 2024
Russia used fake AI Tom Cruise in Olympic disinformation campaign
Microsoft threat researchers report a surge in Russian disinformation campaigns targeting the 2024 Summer Olympics, including AI-enhanced propaganda Continue Reading
-
News
03 Jun 2024
97 FTSE 100 firms exposed to supply chain breaches
Between March 2023 and March 2024, 97 out of 100 companies on the UK’s FTSE 100 list were put at risk of compromise following supply chain breaches at third-party suppliers Continue Reading
-
News
03 Jun 2024
Major breaches allegedly caused by unsecured Snowflake accounts
Significant data breaches at Ticketmaster and Santander appear to have been orchestrated through careful targeting of the victims’ Snowflake cloud data management accounts Continue Reading
-
News
03 Jun 2024
AI Seoul Summit review
Dozens of governments and tech companies attending the second global AI Safety Summit have committed themselves to the safe and inclusive development of the technology, but questions remain around whether the commitments made go far enough Continue Reading
-
News
31 May 2024
IBM, AI Singapore to bolster Sea-Lion LLM
IBM will work with AI Singapore on technical exchanges to enhance Sea-Lion and make the region’s first LLM available to data scientists and engineers through its AI use case library Continue Reading
-
News
30 May 2024
Post Office Horizon replacement project labelled 'unachievable' as taxpayer bill reaches £1bn
The project to replace the Horizon IT system in Post Office branches is late, over budget and lacking quality – and government auditors sent in to assess a request for £1bn funding say it is currently unachievable Continue Reading
-
News
30 May 2024
Europol sting operation smokes multiple botnets
Malware droppers including Bumblebee and Smokeloader were among those targeted in one of the largest ever joint operations against cyber criminal botnets Continue Reading
-
News
29 May 2024
Proofpoint exposes AFF scammers’ piano gambit
Ransomware and nation state actors dominate the headlines, but fraud and scams still net career cyber criminals thousands from unsuspecting members of the public. Proofpoint reports on a campaign targeting victims of a musical inclination Continue Reading
-
News
29 May 2024
Organisations value digital trust, but aren’t working at it
Three quarters of organisations believe digital trust is relevant to their businesses, yet clear gaps in strategies still seem to persist Continue Reading
-
Opinion
29 May 2024
How to avoid joining the Dead Java Code Society
Unused or dead Java code is bogging down software engineers and developers, causing weird dependencies and security risks. Eric Costlow of Azul shares some advice on how to avoid becoming a member of a rather unpleasant club Continue Reading
-
News
29 May 2024
Survey reveals generative AI employee fear
IBM/Oxford Economics global CEO survey shows generative AI success relies on employee training and business leader vision Continue Reading
-
News
29 May 2024
Next UK government must be prepared to legislate on AI, say MPs
The House Science, Innovation and Technology Committee says the next government should be ready to legislate on artificial intelligence to plug any regulatory gaps Continue Reading
-
News
28 May 2024
Executive Interview: Why Dell wants to be your one-stop AI shop
At Dell Technologies World in Las Vegas, artificial intelligence was the talk of the town as Dell staked out an all-encompassing strategy ahead of an anticipated goldrush. Dell’s Nick Brackney explains why the tech giant believes it's onto a winner Continue Reading
-
News
24 May 2024
Paula Vennells boasted about removing Horizon risk reference in Royal Mail flotation prospectus
A reference to Horizon was removed from Royal Mail prospectus by Paula Vennells in the eleventh hour Continue Reading
-
Opinion
24 May 2024
How the next government could rewire the state
Overhauling the way government uses and exchanges data could dramatically improve public services Continue Reading
-
Blog Post
23 May 2024
Post Office inquiry: So, is Paula Vennells lying or not?
When former Post Office CEO Paula Vennells began her much-anticipated evidence to the public inquiry into the scandal that unfolded on her watch, she turned to the victims and said how grateful she ... Continue Reading
-
News
23 May 2024
Northern Ireland police face £750,000 fine after data protection blunder put lives at risks
Information commissioner John Edwards uses discretion to reduce proposed fine from £5.6m to £750,000 Continue Reading
-
News
22 May 2024
Rockwell urges users to disconnect ICS equipment
ICS systems maker Rockwell Automation calls on users to take steps to secure their equipment, and reminds them there is no reason to ever have its hardware connected to the public internet, as it tracks an increase in global threat activity Continue Reading
-
News
22 May 2024
‘You knew’ – former ally accused Paula Vennells of knowing about Horizon problems
Former Royal Mail CEO messaged Paula Vennells following the broadcasting of ITV’s dramatisation of the Post Office scandal, questioning what the former Post Office boss knew and removed her support Continue Reading
-
News
22 May 2024
AI Seoul Summit: 27 nations and EU to set red lines on AI risk
The countries will now work together to identify thresholds at which the risks presented by an AI model or system would be unacceptable without safeguards in place, as well as develop interoperable safety testing regimes for the technology Continue Reading
-
News
21 May 2024
AI Seoul Summit: 10 nations and EU recommit to safe inclusive AI
During the latest AI Summit in South Korea, the participating governments reaffirmed their prior commitments to deepening international cooperation on AI safety, and have agreed to launch an international network of ‘safety institutes’ Continue Reading
-
News
21 May 2024
AI Seoul Summit: 16 AI firms make voluntary safety commitments
Prominent artificial intelligence companies from around the world have committed to a set of voluntary AI safety measures, which includes developing continuous risk assessment processes, setting acceptable risk thresholds, and ensuring greater transparency Continue Reading
-
News
21 May 2024
The Security Interviews: What is the real cyber threat from China?
Former NCSC boss Ciaran Martin talks about nation-state attacks, why the UK has become so exercised about cyber espionage, and how our leaders are in danger of misunderstanding their adversaries Continue Reading
-
News
20 May 2024
UK AI Safety Institute to open San Francisco branch
News of the AI Safety Institute’s expansion to the US follows the first public release of its AI safety testing results Continue Reading
-
News
17 May 2024
Why the UK needs to fix its broken IT security market
Ollie Whitehouse, CTO of GCHQ’s National Cyber Security Centre, says the market for secure software is broken. Are new laws required to make software companies liable for poor security? Continue Reading
-
News
17 May 2024
Post Office considered asking Computer Weekly to review Horizon IT system
The Post Office CIO was tasked by directors with sizing up Computer Weekly for the task of reviewing a forensic investigation into Horizon Continue Reading
-
News
16 May 2024
Post Office IT boss failed to raise concern over false Horizon statements
Former Post Office CIO Lesley Sewell failed to raise concern over Post Office’s false stance on Horizon integrity Continue Reading
-
News
16 May 2024
Sunak warned against changing foreign student visa rules
Business leaders have called on prime minister Rishi Sunak not to be pressured into altering the graduate visa route Continue Reading
-
News
15 May 2024
Cyber Safety Force wants to change conversation around risk
A consortium to help cyber pros better manage risk has launched, with ambitious goals to change the nature of the conversation from cyber security to cyber safety Continue Reading
-
News
15 May 2024
Critical SharePoint, Qakbot-linked flaws focus of May Patch Tuesday
A critical SharePoint vulnerability warrants attention this month, but it is another flaw that seems to be linked to the infamous Qakbot malware that is drawing attention Continue Reading
-
News
15 May 2024
WikiLeaks founder’s extradition case labelled ‘institutional corruption’
Call for Julian Assange to be prosecuted in the US has been condemned as ‘institutional corruption on a judicial level’ with the WikiLeaks founder a ‘political prisoner’ Continue Reading
-
News
15 May 2024
Government focuses on improving AI security
Two codes of practice are now available to help developers boost the security of their AI applications Continue Reading
-
News
14 May 2024
QStar launches tape access from anywhere with Global ArchiveSpace
Tape veteran provides file and object access to Exabyte scale archives aimed at AI, high-performance computing and hyperscaler storage. Single-site for now, multi-site to follow Continue Reading
-
News
14 May 2024
CyberUK 24: UK insurance industry gets tough on ransomware
Three of the UK’s largest insurance associations have signed on to a new initiative spearheaded by the NCSC to try to bring down the number of ransomware payments being made Continue Reading
-
News
14 May 2024
NHS trust dismisses governors who questioned allegations of email tampering
Two NHS trust governors who raised questions in a dispute over allegations of email tampering concerning whistleblower Peter Duffy have been dismissed after an investigation that followed their suspension Continue Reading
-
Opinion
13 May 2024
The UK may not have a choice on a ransomware payment ban
In the wake of renewed calls for lawmakers to consider enacting legal bans on ransomware payments, the Computer Weekly Security Think Tank weighs in to share their thoughts on how to tackle the scourge for good. Continue Reading