Regulatory compliance and standard requirements
-
News
19 Dec 2024
Latest attempt to override UK’s outdated hacking law stalls
Amendments to the Data Bill that would have given the UK cyber industry a boost by updating restrictive elements of the Computer Misuse Act have failed to progress beyond a Lords committee Continue Reading
-
Opinion
19 Dec 2024
The Data Bill: It’s time to cyber up
The Computer Misuse Act is outdated and needs reform - so it's disappointing to see the government decline an opportunity to update the legislation, says the peer who proposed amendments Continue Reading
-
News
31 May 2022
Industrial systems not safe for the future, say Dutch ethical hackers
Ethical hackers in the Netherlands say operational technology and IT networks need to be integrated to prevent cyber attacks penetrating their operations Continue Reading
-
Opinion
31 May 2022
Mobile digital transformation – from fast to deep
The first half of 2022 has been a busy time, with much happening in the mobile industry. We consider what the rest of year might hold Continue Reading
-
News
30 May 2022
ICO calls for police to end ‘excessive collection’ of personal data from rape and assault victims
The UK’s information commissioner, John Edwards, has called for prosecutors and police to end the excessive collection of personal data from victims of rape and serious sexual assault Continue Reading
-
Opinion
27 May 2022
Consistency is key to mitigate outsourcing risk
The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these attack pathways better in order to fight back Continue Reading
-
Opinion
26 May 2022
Security Think Tank: Core security processes must adapt in a complex landscape
The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these attack pathways better in order to fight back Continue Reading
-
News
26 May 2022
Two-thirds of UK organisations defrauded since start of pandemic
Nearly two out of three UK companies say they have experienced some form of fraud or economic crime in the past two years, according to a report Continue Reading
-
News
25 May 2022
Rubrik charts data security path
Backup and recovery software provider Rubrik now sees itself as a cyber security company that helps organisations recover from ransomware and other data security threats Continue Reading
-
News
24 May 2022
ICO orders facial recognition firm Clearview AI to delete all data about UK residents
UK data watchdog fines facial recognition company Clearview AI £7.5m for multiple privacy breaches. The firm, which offers services to law enforcement, faces growing pressure from regulators and legal action around the world Continue Reading
-
Opinion
23 May 2022
Security Think Tank: Understanding attack paths is a question of training
The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these attack pathways better in order to fight back Continue Reading
-
News
19 May 2022
Defensive cyber attacks may be justified, says attorney general
Speaking ahead of a speech at the Chatham House think tank, the UK’s attorney general has suggested defensive cyber attacks against hostile countries may be legally justifiable Continue Reading
-
News
19 May 2022
Deliveroo accused of ‘soft union busting’ with GMB deal
Smaller grassroots unions have criticised Deliveroo and GMB for making a “hollow” deal that will ultimately undermine workers’ self-organising efforts Continue Reading
-
News
19 May 2022
Red teaming will be standard in Dutch governmental organisations by 2025
The Dutch government wants to include the testing of the digital security of systems, processes and people – also known as red teaming – in all of its governmental organisations’ test planning and budgeting by 2025 at the latest Continue Reading
-
News
19 May 2022
Singapore opens security testing centre
Joint centre set up by the Cyber Security Agency of Singapore and a local university will facilitate security testing and train security evaluation talent Continue Reading
-
Opinion
18 May 2022
Security Think Tank: To follow a path, you need a good map
The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these attack pathways better in order to fight back Continue Reading
-
News
17 May 2022
Australian CISOs least prepared for cyber attacks
Australian CISOs are under pressure and feel the least prepared globally to deal with the consequences of a cyber attack, study finds Continue Reading
-
News
16 May 2022
Europol gears up to collect big data on European citizens after MEPs vote to expand policing power
The European Parliament has voted to expand Europol’s role, legalising its processing of bulk datasets containing personal information and endorsing research into predictive policing technologies Continue Reading
-
News
16 May 2022
Keeping Singapore’s critical systems secure
Tracy Thng offers a glimpse into her work in strengthening the cyber resilience of 11 essential service sectors in Singapore Continue Reading
-
News
12 May 2022
GPDPR data scrape a ‘mistake’, says leading scientist
Giving evidence to the Science and Technology Committee, academic, physician and science writer Ben Goldacre has expressed serious misgivings about the on-hold GPDPR NHS data scrape Continue Reading
-
News
11 May 2022
CyberUK 22: Five Eyes focuses on MSP security
The western intelligence community has set out practical steps IT service providers and their customers can take to protect themselves Continue Reading
-
News
11 May 2022
CyberUK 22: Data-sharing service to protect public from scams
A new data-sharing service set up by the NCSC and industry partners will give ISPs access to real-time threat data that they can use to block fraudulent websites Continue Reading
-
News
11 May 2022
Cyber accreditation body Crest forges new training partnerships
Crest says partnerships with Hack The Box and Immersive Labs will enhance its members’ defensive and offensive security skills Continue Reading
-
News
11 May 2022
Nationwide stops thousands more attempted frauds with Strong Customer Authentication
Nationwide Building Society is blocking an additional 2000 attempted online shopping frauds a month through extra checks Continue Reading
-
News
11 May 2022
EU plans to police child abuse raise fresh fears over encryption and privacy rights
Draft regulation unveiled today will require internet and messaging firms to use algorithms to identify grooming and child abuse or face heavy fines Continue Reading
-
News
10 May 2022
CyberUK 22: Cyber leaders affirm UK’s whole-of-society strategy
On the opening day of CyberUK 2022, GCHQ director Jeremy Fleming and NCSC CEO Lindy Cameron have spoken of their commitment to the government’s ambition for a whole-of-society cyber strategy Continue Reading
-
News
10 May 2022
CyberUK 22: Wales splashes £9.5m on cyber innovation hub
A new innovation hub hopes to spur on cyber security innovation in Wales Continue Reading
-
News
06 May 2022
UK digital markets regulator to be given statutory powers
Digital Markets Unit will be put on statutory footing by UK government to ensure technology giants do not abuse market power, but announcement comes with no clear indication of when legislation will be introduced Continue Reading
-
Feature
05 May 2022
Disaster recovery is an essential service for EDF with Phenix-IT
EDF has built disaster recovery tracking, planning and testing software on a six-month upgrade cycle based on governance, risk and compliance functionality in Mega’s Hopex platform Continue Reading
-
News
04 May 2022
UK government puts pressure on IT sector to clean up app security
Apps can be exploited to carry malicious payloads that steal personal information and cause financial loss – and not enough is being done to secure them Continue Reading
-
Podcast
29 Apr 2022
Podcast: War, geo-political risk, data storage and compliance
We talk to Mathieu Gorge, CEO of Vigitrust, about impacts on compliance and data storage from instability in geo-political events, such as the Russian invasion of Ukraine Continue Reading
-
News
28 Apr 2022
Manufacturer sues JPMorgan after cyber criminals stole $272m
Manufacturer files lawsuit alleging that US bank failed to inform it of suspicious transaction activity Continue Reading
-
News
26 Apr 2022
Coralogix makes foray into cyber security with Snowbit
Observability platform supplier Coralogix has set up a cyber security venture and a global security resource centre in India to tap the growth opportunities in the subcontinent Continue Reading
-
E-Zine
26 Apr 2022
The latest salary trends for IT professionals
In this week’s Computer Weekly, the results of our annual salary survey show pay returning to pre-pandemic levels and work-life balance a growing consideration. As sustainability becomes a critical issue, we look at how datacentres can meet emissions targets. And we find out how IT leaders can help protect children online. Read the issue now. Continue Reading
-
News
22 Apr 2022
How Adnovum is leveraging its Swiss roots
Software company Adnovum is leveraging its strengths in identity and access management and its Swiss heritage as it expands into new markets and areas such as zero-trust security Continue Reading
-
News
22 Apr 2022
UAE bolsters cyber security
The United Arab Emirates has successfully improved its security posture amid mounting cyber threats Continue Reading
-
News
22 Apr 2022
Finance regulator identifies challenger bank financial crime weaknesses
Financial Conduct Authority review finds challenger banks need to do more to prevent their platforms being used to commit financial crime, such as money laundering Continue Reading
-
News
21 Apr 2022
Five Eyes in new Russia cyber warning
Latest cross-body alert warns of Russian threat to utilities and other core elements of national infrastructure Continue Reading
-
News
20 Apr 2022
One-third of scams that hit TSB are impersonation fraud
TSB reports an increase in fraudsters impersonating trusted organisations to trick consumers into making payments to them Continue Reading
-
News
14 Apr 2022
Lack of expertise hurting UK government’s cyber preparedness
UK government bodies and critical infrastructure owners cite a lack of staff resources, and internal and external expertise, as hampering factors when it comes to cyber readiness, according to a report Continue Reading
-
News
14 Apr 2022
Government agrees bulk surveillance powers fail to protect journalists and sources
Campaign group Liberty to launch legal appeal that will call for journalists to receive stronger legal protections from state surveillance Continue Reading
-
News
13 Apr 2022
Microsoft patches two zero-days, 10 critical bugs
Patch Tuesday is here once again. This month, security teams must fix two privilege escalation zero-days in the Windows Common Log File System Driver and the Windows User Profile Service Continue Reading
-
News
12 Apr 2022
Universal IAM policy failings put cloud environments at risk
Almost all organisations lack appropriate IAM policy controls to effectively secure their data in the cloud, according to a damning study Continue Reading
-
News
11 Apr 2022
Singapore to start licensing cyber security service providers
Those providing penetration testing and SOC services will need to apply for a licence under a new licensing regime that is expected to safeguard consumer interests and improve service standards Continue Reading
-
News
11 Apr 2022
Border IT system fixed after 10-day outage
Post-Brexit border IT system failure fixed after going down at the start of April, allowing traders to once again file customs documents electronically rather than by hand Continue Reading
-
News
08 Apr 2022
EncroChat: France says ‘defence secrecy’ in police surveillance operations is constitutional
Constitutional court finds that invoking ‘defence secrecy’ to withhold information about the state hacking of EncroChat cryptophones is constitutional. Defence lawyers now head for the supreme court Continue Reading
-
News
07 Apr 2022
MPs and editors sound alarm over threat to Freedom of Information
Government secrecy and trend for departments to block Freedom of Information requests pose a long-term risk to accountability Continue Reading
-
Video
07 Apr 2022
The rise and rise of blockchain technology
The growing use of blockchain across Asia-Pacific is set to continue, with spending on the technology slated to hit $2.4bn this year, according to IDC Continue Reading
-
News
05 Apr 2022
Secrecy over police EncroChat hacking is unconstitutional, defence lawyers tell top French court
France’s constitutional court, the Conseil Constitutionnel, has heard arguments that the use of ‘defence secrecy’ to withhold information about police surveillance operations breaches the French constitution Continue Reading
-
News
05 Apr 2022
Discount retailer The Works hit by cyber attack
A small number of The Works’ bricks-and-mortar stores were forced to close amid a cyber attack of an undisclosed nature Continue Reading
-
Definition
05 Apr 2022
SOC 1 (System and Organization Controls 1)
System and Organization Controls 1, or SOC 1 (pronounced "sock one"), aims to control objectives within a SOC 1 process area and documents internal controls relevant to an audit of a user entity's financial statements. Continue Reading
-
News
01 Apr 2022
TechUK calls on government to seize post-Brexit data opportunities
Ahead of the government’s reply to its late 2021 consultation about proposed post-Brexit reforms to the data protection regime, TechUK has published a paper declaring six data governance principles Continue Reading
-
News
31 Mar 2022
Global upheaval shows cyber security isn’t good enough, says GCHQ director
Generational global upheaval has laid bare significant gaps in national cyber strategies, GCHQ chief Jeremy Fleming has said in a speech Continue Reading
-
News
30 Mar 2022
One-third of UK firms suffer a cyber attack every week
New statistics from the annual DCMS Cyber security breaches survey reveal the extent and frequency with which UK organisations are being attacked by malicious actors Continue Reading
-
News
29 Mar 2022
Overhaul of UK police tech needed to prevent abuse
Lords inquiry finds UK police are deploying artificial intelligence and algorithmic technologies without a thorough examination of their efficacy or outcomes, and are essentially ‘making it up as they go along’ Continue Reading
-
News
29 Mar 2022
FCA reports 52% jump in security incidents
The Financial Conduct Authority received 116 cyber incident reports in 2021, a fifth of them involving ransomware Continue Reading
-
News
29 Mar 2022
Singapore rolls out cyber security certification scheme
Two new cyber security marks are expected to provide an edge for Singapore businesses with good cyber security practices Continue Reading
-
News
28 Mar 2022
IT professionals wary of government campaign to limit end-to-end encryption
Members of the Chartered Institute of IT, the professional body for technology professionals in the UK, warn against limiting end-to-end encryption Continue Reading
-
News
25 Mar 2022
US offers concessions on surveillance and privacy as EU and US agree successor to Privacy Shield
EU and US agree data privacy framework allowing trans-Atlantic data transfers after US offers concessions on surveillance and new rights of redress for EU citizens Continue Reading
-
News
23 Mar 2022
NHS urgent care provider uses ID and access management to reduce complexity for clinicians
Provider of care through NHS 111 is using a cloud-based identity and access management system to remove the need for clinicians to remember multiple passwords Continue Reading
-
Opinion
22 Mar 2022
Revised scope of UK security strategy reflects digitised society
The omission of the word ‘security’ from the title of the UK government’s new National Cyber Strategy is a telling one, reflecting our increasingly digitised society, say Maximillian Brook and Arunoshi Singh of the ISF Continue Reading
-
News
21 Mar 2022
Siloed data holding back coordinated health responses
Digital health experts discuss the role of data in coordinating the NHS’s pandemic response and how managing privacy and governance issues are key to further success Continue Reading
-
Definition
21 Mar 2022
Sarbanes-Oxley Act (SOX) Section 404
Sarbanes-Oxley Act (SOX) Section 404 mandates that all publicly traded companies must establish internal controls and procedures for financial reporting and must document, test, and maintain those controls and procedures to ensure their effectiveness. Continue Reading
-
Opinion
21 Mar 2022
How 2022’s most significant data privacy trends affect your organisation
Data privacy and protection are now core responsibilities for most, but as we all know by now, compliance is a moving target. Here, expert Alan Calder looks ahead at what to expect in the coming months Continue Reading
-
Opinion
21 Mar 2022
UK Cyber Strategy a welcome injection of progress
The National Cyber Strategy should be seen as a welcome injection of both focus and investment in bettering cyber defence for everyone, says Turnkey Consulting senior consultant Louise Barber Continue Reading
-
Definition
21 Mar 2022
COPPA (Children's Online Privacy Protection Act )
The Children's Online Privacy Protection Act of 1998 (COPPA) is a federal law that imposes specific requirements on operators of websites and online services to protect the privacy of children under 13. Continue Reading
-
Opinion
18 Mar 2022
National Cyber Strategy will enhance UK’s cyber power status
The UK punches above its weight when it comes to wielding cyber power around the world, but challenges to this status are clear. The National Cyber Strategy has a clear role to play in maintaining and enhancing this status, writes Paddy Francis of Airbus Cybersecurity Continue Reading
-
News
17 Mar 2022
Kaspersky CEO: Ukraine war must end through diplomacy
Eugene Kaspersky speaks out on the war in Ukraine, and rebuffs Germany’s BSI, branding its warnings over his company’s trustworthiness as insulting Continue Reading
-
News
17 Mar 2022
Online Safety Bill introduced in Parliament
The government has introduced its long-awaited Online Safety Bill in Parliament, alongside new criminal offences and sanctions for tech company execs Continue Reading
-
News
16 Mar 2022
Biden signs ransomware reporting mandate into law
CNI operators in the US must now report cyber attacks within 72 hours, and ransomware payments within 24 hours Continue Reading
-
News
16 Mar 2022
Two men convicted after using EncroChat cryptophones to plot killing
Evidence from the encrypted phone network EncroChat led to the conviction of two men for conspiracy to murder Continue Reading
-
News
15 Mar 2022
Meta fined €17m over EU data breaches
The Irish Data Protection Commissioner has fined Meta after finding it in breach of GDPR rules Continue Reading
-
Opinion
15 Mar 2022
How cyber security teams can conquer the four-day working week
The four-day week may be an idea whose time has come, but for always-on cyber security professionals, the impact of squeezing more work into fewer days is a tricky proposition Continue Reading
-
Opinion
15 Mar 2022
Achieving agility, collaboration and data control in the cloud
Organisations have historically had to make a trade-off between the proven benefits of the cloud and maintaining full control of their data, but with the right strategy it is possible to have both Continue Reading
-
Opinion
14 Mar 2022
Encryption myths versus realities of Online Safety Bill
The UK government can’t legislate the impossible – a safer society depends on encryption, not breaking it Continue Reading
-
News
11 Mar 2022
Police EncroChat cryptophone hacking implant did not work properly and frequently failed
Surveillance operation against EncroChat encrypted phone network had repeated technical failures Continue Reading
-
Opinion
10 Mar 2022
National Cyber Strategy misses the mark in one important way
The National Cyber Strategy is full of fine words, says Petra Wenham, but as the old expression goes, fine words butter no parsnips, and it misses the mark in one very important way Continue Reading
-
News
09 Mar 2022
Paid-for advertising measures included in Online Safety Bill
New measures to deal with fraudulent paid-for advertising have been included in the government’s draft Online Safety Bill, marking the fourth extension in two months Continue Reading
-
Feature
09 Mar 2022
Cloud-era disaster recovery planning: Maintenance and continuous improvement
In the final article in this four-part guide to disaster recovery planning, we look at how and when to update, maintain, audit, review and continually improve the DR plan Continue Reading
-
News
09 Mar 2022
Microsoft serves up three zero-days on March Patch Tuesday
Three zero-days pop up in Microsoft’s March update, along with a number of other noteworthy concerns for defenders Continue Reading
-
Opinion
08 Mar 2022
Security Think Tank: Building the cyber workforce we need
The UK’s new National Cyber Strategy is clear in its ambitions, but to fulfil them, we must double down on appropriate skills development, says ISACA director Mike Hughes Continue Reading
-
News
07 Mar 2022
Ukraine joins Nato cyber knowledge hub
Ukraine is to become a contributing participant in Nato’s Cooperative Cyber Defence Centre of Excellence Continue Reading
-
News
04 Mar 2022
Scrapping NHS Digital a backward step for patient data rights
Former NHS Digital chair Kingsley Manning has spoken out over proposals to fold NHS Digital into NHS England, saying that more oversight is needed to safeguard patient data in light of recent events Continue Reading
-
News
04 Mar 2022
Microsoft stops sales of products and services to Russia
Citing sanctions and cyber security concerns, Microsoft has become the latest company to withdraw from the Russian market Continue Reading
-
Opinion
04 Mar 2022
Assessing the aims of the Government Cyber Security Strategy
The clear aims of the Government Cyber Security Strategy are welcome, but are they realistic or achievable? Continue Reading
-
News
03 Mar 2022
Boardroom does not see ransomware as a priority
Less than a quarter of company directors think ransomware is a top priority for their security teams, according to Egress Continue Reading
-
News
03 Mar 2022
Nato Cyber Security unit tests post-quantum VPN
Nato’s Cyber Security Centre has successfully tested secure communication flows in a post-quantum world using a UK-designed VPN Continue Reading
-
News
03 Mar 2022
Direct action is a risky business for Ukraine's volunteer hackers
Hackers have been responding to Ukraine’s call to create an IT army, but there are many reasons why taking direct action in a kinetic conflict is a bad idea Continue Reading
-
News
01 Mar 2022
DCMS opens consultation on telecoms cyber standards
Proposed rules will set out the specific measures telecoms providers need to take to fulfil their legal duties under the Telecommunications Security Act Continue Reading
-
News
25 Feb 2022
Irish data watchdog calls for ‘objective metrics’ for big tech regulation
Helen Dixon, Ireland’s data protection commissioner, says EU regulators must agree on metrics to measure the effectiveness of data protection regulation Continue Reading
-
Feature
24 Feb 2022
Define RPO and RTO tiers for storage and data protection strategy
We look at RPO and RTO in defining data protection and disaster recovery strategies and how to specify tiers that reflect the importance of different systems in your organisation Continue Reading
-
Opinion
24 Feb 2022
The UK’s cyber security sector is thriving, but our work has only just begun
The government’s Annual Cyber Sector Report painted a positive picture of the UK security industry. CIISec’s Amanda Finch thinks we can go further in developing cyber talent and opening up the sector Continue Reading
-
News
23 Feb 2022
Attempted burglary exposes risk of NatWest customer data in former worker’s home
Former Royal Bank of Scotland employee offers bank a compromise in her dispute over the return of confidential customer information Continue Reading
-
Feature
17 Feb 2022
It takes a village: Protecting kids online is everyone’s responsibility
The rapid uptake of smartphones among children has contributed to the increasing number of cases of cyber bullying and online grooming. Is this an educational issue or a cultural problem, and can modern enterprise help? Continue Reading
-
News
16 Feb 2022
2021 another record year for UK cyber investment
Total revenue generated by the UK’s cyber sector was up 14% last year, and UK-registered security firms raised over £1bn in investment Continue Reading
-
News
16 Feb 2022
Cloud Security Alliance publishes guidelines to bridge compliance and DevOps
The Cloud Security Alliance has published a report detailing practices that organisations can adopt to bridge the gap between compliance and software development and operations Continue Reading
-
News
11 Feb 2022
CMA secures final Privacy Sandbox guarantees from Google
The CMA has secured a final set of Privacy Sandbox commitments from Google relating to the proposed removal of third-party cookies from its Chrome browser Continue Reading
-
News
11 Feb 2022
Lack of knowledge disastrous for effective security strategy within Dutch companies
Most Dutch companies still haven’t realised that security is an integral part of their IT and company strategy Continue Reading
-
News
11 Feb 2022
Hackney Council could be forced to answer questions about IT security training after Psya ransomware
Council is negotiating with the information commissioner after refusing to reply to questions under the Freedom of Information Act about staff IT and security training during the pandemic Continue Reading
-
News
10 Feb 2022
How diplomatic immunity silenced the prosecutor who coordinated Sweden’s EncroChat probe
Defence lawyers claim Swedish court decision not to hear evidence from a Swedish prosecutor leaves important legal questions unanswered over international police operation to hack EncroChat cryptophone network Continue Reading
-
Opinion
10 Feb 2022
Phishing tests are a useful exercise, but don’t overdo it
The vast majority of cyber attacks start with a phish, so it’s not surprising that phishing tests form part of cyber training plans. But sometimes these tests go too far. Cyberis’ Gemma Moore looks at how to avoid the pitfalls Continue Reading
-
News
10 Feb 2022
UK second in money laundering hall of shame
Banks need to step up their anti-money laundering processes if billions of pounds’ worth of criminal activity is to be prevented Continue Reading