
Looking for a cyber security qualification? Try CISSP

If you’re interested in gaining a high-ranking position in the information security industry, your best bet is probably the CISSP® exam (Certified Information Systems Security Professional) qualification. In this blog, we’ll tell you why it’s the most valuable training course for those entering the industry and explain everything you need to know before enrolling on a training course. The …

Data Protection and the risks associated with the Cloud

This book is intended to be an introduction to the risks involved in Cloud sourcing, to enable managers to ask the right questions. Suggestions are offered for the kind of risks an organisation’s use of the Cloud might generate, and the remedial measures that might be taken. These are given as examples only and are not intended to be a substitute for qualified legal or technical advice. Other …

What’s the difference between a data breach and a cyber security incident?

The information security industry is full of jargon, but luckily most terms only crop up when you’re dealing with specific, technical topics. However, there’s one common but surprisingly complex phrase that often appears without further explanation: ‘cyber security incident’. You might assume it’s simply a euphemism for organisations that don’t want to say ‘we’ve suffered a data breach’. That’s …

The GDPR has led to a spike in DSARs (data subject access requests)

Depending on who you ask, the GDPR (General Data Protection Regulation) has either overhauled the way organisations handle personal data or it’s a complex and ultimately pointless piece of bureaucracy. Fortunately, the number of people in the latter camp has shrunk in the past year or so, as the GDPR has proven to have a tangible effect on business. And we’re not just talking about fines, both …

Protect your information assets with effective risk management

In today’s information economy, the development, exploitation and protection of information and associated assets are key to the long-term competitiveness and survival of corporations and entire economies. The protection of information and associated assets – information security – is therefore overtaking physical asset protection as a fundamental corporate governance responsibility. An …

Get involved in #CyberSecMonth 2019

This week marks the beginning of ECSM (European Cyber Security Month) 2019, an initiative run by ENISA (the European Union Agency for Cybersecurity), the European Commission DG CONNECT and partners to promote the importance of cyber security and highlight the steps that can be taken to mitigate cyber security risks.

This year’s themes

The theme in the first two weeks is cyber hygiene, and …

Cyber attacks and data breaches in review: September 2019

September may have fewer data breach incidents than the previous month, but overall there was a massive 363% increase, totalling 531,596,111 breached records. This number includes a whopping 419 million data records exposed from an unknown server and brings the total breached records for the year so far to 10,331,579,614. Plenty of those breaches occurred in Europe, so let’s delve into a few of …

Google wins landmark ruling on the ‘right to be forgotten’

A landmark ruling by the ECJ (European Court of Justice) says that Google does not have to apply the ‘right to be forgotten’ globally. The case goes back to 2015 when the French data protection authority (CNIL) ruled that Google must remove damaging or false information from the search engine when the ‘right to be forgotten’ is requested. Google was also fined €100,000 for failing to apply …

A concise guide to PCI DSS v3.2.1

All target dates for compliance with the PCI DSS have long since passed. The Standard is now on its third version, with the fourth in development with a predicted release date of Q4 2020. It is likely that v3.2.1 will be withdrawn around the end of 2021. Many organisations around the world – particularly those that fall below the top tier of payment card transaction volumes – are not yet …

Polish data protection authority issues €645,000 fine to online retailer

Poland’s Personal Data Protection Office (UODO) this week imposed a PLN 2.8 million (€645,000) fine on online retailer Morele.net for “insufficient organisational and technical safeguards”. The data breach affected approximately 2.2 million customers who purchased products through one of the group’s nine websites.

The extent of the data breach

The leaked data included names, telephone …