Posts Tagged: infosec

Balancing Cyber Security Risk & Reward

Cyber Security

Ensuring that the Board understands how cyber security risks affect the business – a challenge for all Non-Executive Directors

Security News Roundup: Defending The Indefensible

Here’s a data security conundrum. The news that anonymous DNA sample data has been used to personally identify the original donor sounds, at first, like an information security problem. The reality is, it isn’t.  A team of geneticists has shown there is a systematic weakness in the way that this data is handled. It turns out… Read more »

Security News Roundup: Can You Hear Me Now?

Sometimes, the price of success is unwanted attention. Witness the apparently stratospheric rise in malware on the Android mobile platform. With mobile usage continuing to explode, coupled with the vast array of valuable data we store and access from our phones, it should come as no surprise that the  bad guys want a piece of… Read more »

Security News Roundup: Chinese Take-away

The biggest story this week. Chinese military unit behind ‘prolific and sustained hacking’ says security report.  A highly-skilled team of intelligence gatherers working systematically to steal confidential information from organisations around the globe?  Shocking stuff – we can’t imagine for a moment that our government is doing the same thing. But things move fast in the murky… Read more »

ATM & E-Commerce Security Guidelines

A couple of new information supplements have been released by the PCI SSC, covering E-commerce and ATM PIN security. “PCI DSS E-commerce Guidelines”  contains a nice summary of common E-commerce models, vulnerabilities and some recommendations too. From the intro: “This Information Supplement is intended for merchants who use or are considering the use of e-commerce technologies in… Read more »

8 Recurring Themes Within The PCI DSS

The PCI DSS is a security standard that embodies a number of underlying principles. What are these principles? As with all PCI compliance questions, the answers usually lie in understanding the intent behind the requirements of the standard. Although there are many individual requirements detailed within in the PCI DSS, collectively they are based upon… Read more »

7 Security Warning Signals

2011 featured plenty of news about high-profile data loss and cybercriminal activity. And so did 2012. Any guesses for 2013? Some common causes emerge in all of these cases. Poorly managed infrastructure, insecure web applications, and a lack of attention to security procedures are often cited. But how do these conditions arise? How is it… Read more »