Archive for August, 2012
Advance malware threats are growing at an alarming rate
Posted by brianfpennington in Uncategorized on 30/08/2012
FireEye have published their Advanced Threat Report for the first half of 2012. The results are based on their knowledge of Advanced Persistent Threats and the rest of the malware market. Their key findings are: Organizations are seeing a massive increase in advanced malware that is bypassing their traditional security defenses. The patterns of attack volumes […]
An overview of EU security legislation and the impact of cyber incident reporting
Posted by brianfpennington in brian pennington on 29/08/2012
The European Network and Information Security Agency (ENISA) is a centre of network and information security expertise for the EU, its member states, the private sector and Europe’s citizens. ENISA has responded to the growing threat posed by cyber security incidents by producing an overview paper of current legislation and the impact of incident reporting. I have summarised […]
RSA’s August Online Fraud Report 2012 including a summary of Fraud as a Service (FaaS)
Posted by brianfpennington in brian pennington on 28/08/2012
In their August Online Fraud Report, RSA reports on the activity of online fraudsters; a summary is below. A five-year retrospect on Fraud as a Service (FaaS) reveals that the types of services sold today have changed very little; the more noticeable changes came in the shape of scalability, service relevancy, higher availability, better deals, customer […]
65% of businesses do not protect their customers’ private data
Posted by brianfpennington in PCI DSS Compliance on 24/08/2012
According to a survey by GreenSQL more than 65% of businesses do not protect their customers’ private data from unauthorised employees and consultants. The results are interesting because every day we hear of another data breach or another form of malware which can steal data or at least damage data and you would think that […]
Counting the cost of e-crime to retailers. Actually it’s £205.4 million a year.
Posted by brianfpennington in brian pennington on 23/08/2012
The British Retail Consortium (BRC) has released the findings of their first e-crime study. The study is based on responses to a quantitative survey conducted between April and May 2012. Respondents were members of the BRC drawn from a selection of key retailing types including supermarkets, department stores, fashion, health and beauty and mixed retail. The retailers questioned constitute […]
Who has breached the Data Protection Act in 2012? Find the complete list here.
Posted by brianfpennington in brian pennington on 16/08/2012
So far 2012 has been a busy year for the Information Commissioner’s Office (ICO) and with almost three quarters of the year gone I thought I would look at who has fallen foul of the Data Protection Act. There are normally three types of punishments administered by the ICO. Monetary. The most serious of the […]
PCI Security Standards Council’s Qualified Integrators and Resellers program is now live
Posted by brianfpennington in PCI DSS Compliance on 15/08/2012
The PCI SSC’s Qualified Integrators and Resellers (QIR)™ Program will train and qualify integrators and resellers that sell, install and/or service payment applications on the secure installation and maintenance of PA-DSS validated payment applications to support merchant PCI DSS security efforts. Eligible organizations can now register for the QIR program by visiting the PCI […]
Who is responsible for data protection in the cloud?
Posted by brianfpennington in brian pennington on 10/08/2012
Encryption in the Cloud is a Ponemon Institute report sponsored by Thales. The study considers how encryption is used to ensure sensitive or confidential data is kept safe and secure when transferred to external-based cloud service providers. 4,140 business and IT managers in the United States, United Kingdom, Germany, France, Australia, Japan and Brazil were surveyed. Following […]
The Information Commissioner’s 5 Tips on how to better protect personal information
Posted by brianfpennington in PCI DSS Compliance on 08/08/2012
The UK’s Information Commissioner’s Office has created a list of 5 useful tips for protecting personally identifiable information (PII). The list comes on the back of an offer by the ICO to help charities and other third sector organisations protect data and avoid potential fines of up to £500,000. Louise Byers, Head […]
Torbay Care Trust (NHS) fined £175,000 for breaching the Data Protection Act
Posted by brianfpennington in brian pennington on 06/08/2012
Torbay Care Trust in Torquay has been fined £175,000 after it published the sensitive details of over 1,000 employees on the Trust’s website. Staff at the Trust published the information in a spreadsheet on their website in April 2011 and only realised when a member of the public reported it 19 weeks later. The data […]
PCI Security Standards Council Internal Security Assessor (ISA) training now available as an eLearning course
Posted by brianfpennington in Uncategorized on 03/08/2012
The new self-paced eLearning course is an online version of the Council’s existing instructor-led ISA training. ISA training provides businesses the opportunity to educate qualifying employees responsible for managing their PCI DSS security programs on how to assess and validate their company’s adherence to PCI Security Standards. The curriculum is comprised of a four-hour online pre-requisite […]