Archive for May, 2012
Information Commissioner’s Office consults on new anonymisation code of practice
Posted by brianfpennington in brian pennington on 31/05/2012
The Information Commissioner’s Office (ICO) has begun a public consultation on a new anonymisation code of practice. The code will provide guidance on how information can be successfully anonymised and how to assess the risks of identification. The ICO has also launched a tendering process to establish a network of experts to share best practice around the release of data in […]
Database security and SIEM are the top Risk and Compliance concerns
Posted by brianfpennington in brian pennington on 30/05/2012
The McAfee report Risk and Compliance Outlook: 2012 has been published and has discovered that Database Security and Security Information and Event Management (SIEM) were among the top priorities due to an increase in Advanced Persistent Threats (APT). Databases hold the valuable data the criminals are searching for; it therefore follows that Database Security is a growing issue […]
Proposed European wide Data Protection Act – a review
Posted by brianfpennington in brian pennington on 28/05/2012
Over the last few months I have attended several conferences and read a lot of research on the proposed upgrade of the European Commission’s 1995 Data Protection Act and have found it fascinating. The rumours, the speeches, the headlines and of course the lack of clarity on how the major issues will be dealt with […]
Call Centre Security and PCI Compliance
Posted by brianfpennington in Uncategorized on 24/05/2012
Reblogged from Brian Pennington: Credit Card data is the Crown Jewels for hackers and the financial lifeblood of many companies. An Account Data Compromise, also known as a breach, can lead to bad press and a bad reputation; you only need to Google Play.com or Lush to see the impact. With the 18th March 2011 launch […]
Survey: 99% rate Security is a major consideration when choosing the Cloud
Posted by brianfpennington in brian pennington on 24/05/2012
Intel have produced a very interesting survey on the way businesses perceive the Cloud, what they are looking for, whether it is Private or Public, and who seems to be the most secure. Below is my summary of the survey’s results. Intel surveyed 200 IT professionals about a wide variety of cloud topics, including the key business and […]
No NHS fines for breaching the Data Protection Act then two come along in quick succession
Posted by brianfpennington in brian pennington on 21/05/2012
At the end of April the Information Commissioner’s Office fined The Aneurin Bevan Health Board for breaching the Data Protection Act and today they fined Central London Community Healthcare (CLCH) NHS Trust £90,000. The CLCH breach first occurred in March 2011, after patient lists from the Pembridge Palliative Care Unit, intended for St John’s Hospice, were faxed to the wrong […]
Guidance for merchants on how to securely accept mobile payments the PCI way
Posted by brianfpennington in PCI DSS Compliance on 16/05/2012
This has been coming for a while but finally the PCI SSC has published a fact sheet outlining how merchants can securely accept payments using mobile devices such as smartphones or tablets. The “At a Glance: Mobile Payment Acceptance Security fact sheet” provides merchants with actionable recommendations on partnering with a Point-to-Point Encryption (P2PE) solution […]
PCI Security Standards Council announces qualified integrators and resellers certification program
Posted by brianfpennington in PCI DSS Compliance on 10/05/2012
The PCI SSC quotes results from the Trustwave 2012 Global Security Report which states that 76% of the breaches they investigated were a result of security vulnerabilities introduced by a third party responsible for system support, development and/or maintenance of business environments. Errors introduced during implementation, configuration and support of PA-DSS validated payment applications by third parties […]
UK Fraud Report 2012
Posted by brianfpennington in brian pennington on 09/05/2012
In April Experian released their 2012 review of Fraud in the UK. There are some interesting findings and a summary of the 28 page document is below. Executive Summary of the report: Annual fraud losses across the UK are now estimated to top £70 billion. Of this, around £3.5 billion is in financial services […]
RSA’s April Online Fraud Report 2012
Posted by brianfpennington in brian pennington on 04/05/2012
In their April Online Fraud Report RSA reports on the activity of online fraudsters, full summary below. As well as the usual interesting statistics on fraudulent activity this report sheds light on the changes to the Citadel Trojan. Citadel Trojan hooks system processes to isolate bots from AV and security. The Citadel Trojan was first introduced […]
May is Scam Awareness Month
Posted by brianfpennington in brian pennington on 01/05/2012
The Trading Standards Institute (TSI) has launched its Scam Awareness Month to stop the surge in criminals scamming people out of their savings. From fake lottery wins in the post to Microsoft and Anti Virus support on the phones, Prince X trying to get his millions out of the country via email and door-to-door conmen they all […]