brianfpennington
Experienced IT professional currently helping businesses achieve Payment Card Industry Compliance (PCI DSS) and improve their overall IT Security posture.
Homepage: http://brianfpennington.wordpress.com
Is the concern for data protection making half of all employees less productive?
Posted in Uncategorized on 04/06/2013
In 2010, the Visual Data Breach Risk Assessment Study revealed that two out of three working professionals are displaying sensitive information on their mobile devices, such as social security numbers, credit card numbers and other non-regulated but sensitive company information, when outside the office. This points to the insight that in certain circumstances people value […]
Top Tips from the ICO for when you are moving premises – do not forget to check the cabinets being one
Posted in brian pennington on 03/06/2013
After another NHS body * decides to ignore simple Data Protection guidelines the UK Information Commissioner has repeated his Top 5 Tips to help organisations improve their approach to Data Protection, especially those moving premises: Personal information is at particular risk when moving premises – make sure its security is a priority. All but one […]
Finally a prosecution of a former employee stealing confidential information
Posted in Uncategorized on 03/06/2013
Thousands of people every day must copy, save or forward information for innocent or mischievous purposes, but now there is a quotable case that can be used to deter such risky activities. A former manager of a health service based at a council-run leisure centre in Southampton has been prosecuted by the Information Commissioner’s Office (ICO) for unlawfully […]
Schools are concerned about cloud security
Posted in Uncategorized on 30/05/2013
SafeGov.org and the Ponemon Institute have released the results of a survey of UK schools designed to measure the views of school staff on the rapidly rising use of cloud services in the education sector and the potential risks to student privacy. The study focused on cloud versions of email and document collaboration tools: a majority […]
The drivers for BYOD
Posted in Uncategorized on 28/05/2013
In its recent document promoting its BYOD solutions, F5 had an interesting section on the drivers for BYOD. The F5 “BYOD Drivers” section is below. In 2013, the mobile workforce is expected to increase to 1.2 billion, a figure that will represent about 35% of the worldwide workforce and many of those workers […]
Irish Data Protection Commissioner publishes his 2012 Annual Report
Posted in Uncategorized on 25/05/2013
This week sees the Irish Data Protection Commissioner, Billy Hawkes, release his annual report for 2012. The report summarises activities of the Commissioner’s Office during 2012 and, like his UK counterpart, focuses on investigations and audits undertaken and provides a commentary on the impact of European and International Data Protection activities. As with the […]
76% of companies have had a data breach or expect to have a breach
Posted in brian pennington on 23/05/2013
Experian Data Breach Resolution and the Ponemon Institute have released a study that finds that, despite the majority of companies experiencing or anticipating significant cost and business disruption due to a material data breach, they still struggle to take the proper measures to mitigate damage in the wake of an incident. The report, “Is Your […]
UK Government’s update on its activities to protect children on the Internet
Posted in brian pennington on 22/05/2013
Earlier this month the UK Government provided an update to their activities around protecting children on the Internet. The update paper follows on from the June 2012 announcement of a consultation seeking views on three broad options for protecting children: “Default-on” or “opt-in” – where people’s home Internet Service Provider (or each internet-enabled device) blocks […]
Small firms lose up to £800 million to cyber crime a year
Posted in brian pennington on 21/05/2013
New research from the Federation of Small Businesses (FSB) shows that cyber crime costs its members around £785 million per year as they fall victim to fraud and online crime. The report shows: 41% of FSB members have been a victim of cyber crime in the last 12 months, putting the average cost at around […]
PCI Security Standards Council announces new board of advisors
Posted in PCI DSS Compliance on 16/05/2013
The PCI Security Standards Council (PCI SSC) announced election results for the 2013-2015 PCI SSC Board of Advisors. The Board will represent the PCI community by providing counsel to SSC leadership. The Council’s more than 690 Participating Organizations selected individuals from the following organizations to represent their industry’s unique perspectives in the development of PCI Standards […]
RSA’s April Online Fraud Report 2013, with a focus on the changes in Phishing tactics
Posted in brian pennington on 13/05/2013
Phishing still stands as the top online threat impacting both consumers and the businesses that serve them online. In 2012, there was an average of over 37,000 phishing attacks each month identified by RSA. The impact of phishing on the global economy has been quite significant: RSA estimates that worldwide losses from phishing attacks cost […]
PCI Security Standards Council publishes card production security requirements
Posted in PCI DSS Compliance on 09/05/2013
The PCI Security Standards Council (PCI SSC) has announced the publication of a standard for secure payment card production. The standard consists of two sets of requirements: PCI Card Production Physical Security Requirements and PCI Card Production Logical Security Requirements. Together, these documents provide card vendors with a comprehensive source of information describing the security requirements […]
RSA’s March Online Fraud Report 2013, with a focus on Email and Identity takeover
Posted in brian pennington on 26/03/2013
RSA’s March 2013 Online Fraud Report delivers the results from RSA’s fraud monitoring centre; a summary of the report is below. Phishing attacks are notorious for their potential harm to online banking and credit card users who may fall prey to phishers looking to steal information from them. Compromised credentials are then typically sold in […]
Sometimes it is a good idea to have in-house skills
Posted in PCI DSS Compliance on 20/03/2013
After many discussions with people responsible for achieving and maintaining PCI DSS compliance within their organisation and hearing about their problems and pains, I often think about the skills they need and where they can get them. They could recruit, outsource or train, with training being the most cost-effective. I noticed on the PCI […]
Merchant sues VISA. Biting the hand that feeds you?
Posted in PCI DSS Compliance on 18/03/2013
I know that if there were no merchants there would be no credit card companies and I know that the “alternative” payments market is growing, such as PayPal and V.me, but at this time it is fair to say that consumers still favour credit cards when it comes to online payments. This is why when I […]
Receptionist prosecuted for breaching the Data Protection Act
Posted in brian pennington on 12/03/2013
Another nosy parker faces the results of their snooping after she decided to spy on her ex-husband’s new wife. The GP receptionist at a Southampton surgery was prosecuted by the UK’s Information Commissioner’s Office (ICO) for unlawfully obtaining sensitive medical records. The ICO reported on the 12th March 2013 that Marcia Phillips was prosecuted under section […]
An update on the progress of the European Data Protection Act
Posted in brian pennington on 12/03/2013
At last week’s Information Commissioner’s Data Protection Officers Conference in Manchester I had the privilege of being updated on the progress, or lack of progress, of the revised European Data Protection Act. With the existing directive dating back over 17 years an upgrade is well overdue, but there is significant pressure from businesses to […]
Lack of guidance on BYOD raises data protection concerns
Posted in brian pennington on 08/03/2013
The UK Information Commissioner’s Office (ICO) has commissioned a survey into business attitudes towards Bring Your Own Device (BYOD). The survey results show that many employers appear to have a ‘laissez faire’ attitude to allowing staff to use their personal laptop, tablet or smartphone at work and for work business, which may be placing people’s personal information […]
The growing threat of insider fraud not a top security priority for organizations
Posted in brian pennington on 01/03/2013
An Attachmate-sponsored Ponemon survey indicates the growing threat of insider fraud is not a top security priority for organizations, which is proving to be a costly mistake. On average, organisations experience approximately one fraud event per week, according to information from the second annual Attachmate and Ponemon Institute survey, “The Risk of Insider Fraud”. However, only […]
Survey reveals companies are taking risks whilst outsourcing consumer data
Posted in brian pennington on 28/02/2013
Experian Data Breach Resolution and the Ponemon Institute survey results identify opportunity for improved data oversight. The study, “Securing Outsourced Consumer Data”, reveals that many organizations (46%) do not evaluate the security and privacy practices of vendors before sharing sensitive or confidential information. The survey covered almost 750 individuals in organizations that transfer consumer data to third-party vendors. […]