dcsimg

Penetration testing and the EU GDPR

Data breaches are on the rise and affecting Irish organisations, most recently Eir and Cork City Council’s Park by Phone service.  Criminal hackers are gaining access to organisations’ networks using a variety of techniques, so ensuring your network is secure should be high on your agenda. Penetration testing is an effective method of determining the security of your networks and web applications, … [Read more...]

Benefits of ISO 27001 Certification

IT Governance led the world’s first ISO 27001 certification project and we’ve been at the forefront of the cyber security initiative ever since. Certification to ISO/IEC 27001 demonstrates to existing and potential customers that you have taken the necessary steps to protect your business, and is proof of effective internal security practices, giving you a competitive edge.   Other ways in which … [Read more...]

Is it legal for organisations to request your date of birth?

When you sign up for an online service, you’re often asked to provide personal details. Usually, you won’t have a problem with this: an organisation obviously needs your name and email address to contact you. But when they start asking for seemingly unnecessary information, you might get concerned. Why do you need to give your date of birth when downloading a green paper? Or to create an account … [Read more...]

How effective are the GDPR’s rules on the age of consent?

If you’ve ever used an online service that requires age confirmation, you’re probably aware of how inadequate the restrictions usually are. All you’re asked to do is check a box or provide your date of birth. There’s no evidence required, and no one will follow up to make sure you were telling the truth.  Until recently, there were no signs that anybody was particularly bothered by these lax … [Read more...]

Summer offers to kick-start your cyber security journey. Don’t miss out! 

IT Governance is a leading global provider of IT governance, risk management and compliance solutions, with a special focus on cyber resilience, data protection, the PCI DSS (Payment Card Industry Data Security Standard), ISO 27001 and cyber security.  We are committed to helping organisations protect themselves and their customers from the perpetually evolving range of cyber threats. Our deep … [Read more...]

The GDPR: How to send sensitive information by email

Organisations always have to worry about the security of the information they send by email. You can never be certain who has access to your messages, and everyone has probably been guilty at least once of sending a message to the wrong person or accidentally hitting ‘reply all’.  Your misdelivered message might have only contained mundane chatter and left you feeling embarrassed. However, if your … [Read more...]

Majority of EU member states missed NIS Directive deadline

Critical service providers across Europe are in for a bumpy ride later this year, and they have their governments to thank. These organisations are subject to the NIS Directive (Directive on security of network and information systems), which each EU member state was required to transpose into national law by 9 May 2018.  However, we’re now three months past that deadline and only 11 nations have … [Read more...]

Meeting ISO 27001’s staff awareness training requirements

Staff awareness training is one of the most effective ways of preventing data breaches. That’s why it’s at the front and centre of ISO 27001, the international standard that describes best practice for an ISMS (information security management system).  The Standard recognises that, although technological defences are essential, their use is limited if employees make careless mistakes. There’s … [Read more...]

CEOs the worst offenders when it comes to email security

Nearly 60% of organisations will fall victim to an email-based attack this year, and there’s a good chance the guilty party will be the CEO, according to Mimecast’s The State of Email Security 2018. According to the report, 37% of respondents said their organisation’s CEO is a “weak link” in their cyber security programme. Evidence backs this up: Mimecast found that 31% of C-level employees had … [Read more...]

The top cyber security trends of 2018 so far

There have been more than 600 data breaches this year, so people who want to pick out the most serious incidents have plenty to choose from. It’s not simply a case of finding the breaches involving the highest number of stolen records, because a breach compromising names and email addresses isn’t the same as a breach compromising payment card information. Besides, infrastructural damage and … [Read more...]