dcsimg

How ISO 27001 can help protect your organisation

There’s a reason ISO 27001 is the go-to standard for information security. It details best practices for staying secure, covering the way you manage people, processes and technology. Certifying to ISO 27001 demonstrates that your organisation’s practices are up to scratch, and although it obviously doesn’t eradicate the risk of data breaches, it goes a long way to keeping you secure. If you do … [Read more...]

52% of web applications contain high-severity vulnerabilities

A new study has highlighted the poor state of web application security. Positive Technologies tested various web applications, and found that every single one contained vulnerabilities, with 52% containing high-severity weaknesses.  The Web Application Vulnerabilities report also found that:  48% of tested applications are vulnerable to unauthorised access;  44% of applications placed personal … [Read more...]

The future for CISOs following the introduction of the GDPR and NIS Directive

The responsibilities of the CISO (chief information security officer) have remained consistent over the years, but big changes in the cyber security landscape in 2018 could spark an evolution of the role.  Largely led by the introduction of the EU GDPR (General Data Protection Regulation) and the NIS Directive (Directive on security of network and information systems), organisations are shifting … [Read more...]

Why you should adopt ISO 27001

With cyber attacks and data breaches on the rise, cyber security is fast becoming organisations’ top priority. Many have chosen to mitigate the risk by implementing an information security management system (ISMS). An ISMS is a system of processes, documents, technology and people that helps organisations manage, monitor and improve their information security in one place. ISO 27001 is the … [Read more...]

What am I supposed to do with all these privacy policy emails?

Society doesn’t tend to agree on much, but late last week hundreds of millions of people were united by the question: “What’s with all these emails about updated privacy policies?” The flurry of messages led to many jokes and memes, but lost among the humour was the reason for this torrent of emails. It wasn’t just an amazing coincidence that every organisation you’ve ever visited updated its … [Read more...]

Snapchat releases details of its GDPR compliance measures

Snapchat has announced changes to its privacy policy and user settings as it prepares for the EU General Data Protection Regulation (GDPR), which takes effect on 25 May 2018. Many organisations have downplayed the requisite changes as ‘tweaks’ to their policies, but Snapchat has made a point of emphasising its widespread alterations. The most significant revelation is that, unlike rival messaging … [Read more...]

Danish rail network DSB hit by cyber attack

DSB, the Danish state rail operator, was hit by a distributed denial-of-service (DDoS) cyber attack on Sunday, April 13. A DDoS attack attempts to disrupt a host or network from connecting to the Internet in order to render a network or machines unavailable. It meant that passengers were unable to buy tickets on Sunday, and purchases through DSB’s ticket machines, app, website and retail stores … [Read more...]

9 steps to implementing ISO 27001

There are many reasons to adopt ISO 27001, the international standard that describes best practice for an information security management system (ISMS). It helps organisations improve their security, comply with cyber security regulations, and protect and enhance their reputation. But implementing the Standard takes a lot of time and effort. That should be obvious, at least if you believe the … [Read more...]

The GDPR: What you need to know about DPIAs

Article 35 of the EU General Data Protection Regulation (GDPR) introduces the concept of data protection impact assessments (DPIAs). DPIAs help organisations identify and minimise privacy risks in data processing activities. They are essential if you process any high-risk data, but they are also relevant when you are introducing a new data collection process, system or technology. An effective … [Read more...]

How to create a strong password

“My password was hacked”: it’s the go-to excuse for people who post something regrettable on social media. Numerous celebrities, famous athletes and politicians have attempted to negate scandals by framing themselves as victims of a cyber attack. Perhaps some of them were telling the truth, but they’re hardly admonishing themselves of blame by admitting to being – or pretending to be – so bad at … [Read more...]