dcsimg

PCI DSS: The importance of penetration testing

Often, organisations rely on vulnerability scans to identify their weaknesses. They are told that vulnerability scanning is as good as penetration testing and that it will be enough to meet the compliance requirements of the PCI DSS (Payment Card Industry Data Security Standard).  However, scanning and testing perform two different jobs, and the PCI DSS mandates that you conduct both on a regular … [Read more...]

Penetration testing and the EU GDPR

Data breaches are on the rise and affecting Irish organisations, most recently Eir and Cork City Council’s Park by Phone service.  Criminal hackers are gaining access to organisations’ networks using a variety of techniques, so ensuring your network is secure should be high on your agenda. Penetration testing is an effective method of determining the security of your networks and web applications, … [Read more...]

Is it legal for organisations to request your date of birth?

When you sign up for an online service, you’re often asked to provide personal details. Usually, you won’t have a problem with this: an organisation obviously needs your name and email address to contact you. But when they start asking for seemingly unnecessary information, you might get concerned. Why do you need to give your date of birth when downloading a green paper? Or to create an account … [Read more...]

How effective are the GDPR’s rules on the age of consent?

If you’ve ever used an online service that requires age confirmation, you’re probably aware of how inadequate the restrictions usually are. All you’re asked to do is check a box or provide your date of birth. There’s no evidence required, and no one will follow up to make sure you were telling the truth.  Until recently, there were no signs that anybody was particularly bothered by these lax … [Read more...]

July book of the month: A bumper ISO 27001 edition

Every month, IT Governance selects a book of the month from our extensive catalogue of cyber security guides, but this month we’ve been decided that one book just wasn’t enough. That’s why we’ve picked The ISO 27001 Expertise Bundle, which comprises four invaluable guides to help you understand and implement the information security standard.  Here’s an overview of each book and why you … [Read more...]

Online anonymity has allowed cyber crime to thrive

Online anonymity is a complicated topic. There’s no doubt that the elasticity it gives our identities is a massive benefit. We can explore different sides of our personality without affecting the reputation of any other part of us. Unfortunately, that’s also proven to bring out the worst in some of us, with people committing acts online that they would never do in person. Cyber bullying and mob … [Read more...]

Why you need to report cyber attacks

Once you’ve been hit by a cyber attack, the damage has already been done. There’s no way to make the disruption disappear, so you might suppose it’s best to just get on with things. Reporting the incident to your supervisory authority means extra work and could cause a PR nightmare. Nonetheless, it’s essential that you notify relevant parties of the breach. The attacker is a criminal, and it’s … [Read more...]

9 steps to implementing ISO 27001

There are many reasons to adopt ISO 27001, the international standard that describes best practice for an information security management system (ISMS). It helps organisations improve their security, comply with cyber security regulations, and protect and enhance their reputation. But implementing the Standard takes a lot of time and effort. That should be obvious, at least if you believe the … [Read more...]

The GDPR and Brexit

In less than a month from now, the General Data Protection Regulation (GDPR) comes into force across the EU. It is expected that businesses and charities across Ireland have taken the necessary measures, such as preparing new policies, appointing chief information security officers, restricting IT admin rights and installing firewalls and controls over company-owned devices, to ensure compliance … [Read more...]

How to spot a phishing attack

Phishing is one of the biggest threats that individuals and organisations face, but do you know what they are, what they look like, and where to look for them? In the broadest sense, phishing is any attempt to pose as a trustworthy source in order to get people to hand over personal information. Phishing usually takes the form of mass emails sent to hundreds or thousands of people, criminals can … [Read more...]