to help enterprise security across Europe
The resource centre for busy senior executives seeking the latest insights into IT Compliance & Privacy issues for major organizations
 
sarbaines oxley ofcom communications regulator
Latest Resources      data protection register
compliance resources privacy resource center

Breaking Global News
Global Compliance and Privacy News
- Breaking News, updated every 30 minutes
•   Compliance, Privacy and Security
•  Money Laundering
•  Phishing
•  Regulatory Issues
•  SOX, Basel 2, MiFID


You Tell Us:
S
S
L

T
E
C
H
N
O
L
O
G
Y
We use SSL Technology for web data entry points:

Always
Sometimes
Never
What is SSL?

News
Are Smartphones Endangering Security? - Wick Hill
Dealing with Internet Security Threats - Ian Kilpatrick
How the New EU Rules on Data Export Affect Companies in and Outside the EU - Thomas Helbing
Farmers' Data Leak Highlights Old Technology Use - Wick Hill
Saving Money with SFTP - Wick Hill
UK Information Commissioner targets firm selling vetting data - Eversheds e80
12 Key Steps to Internet Security - Wick Hill
Telephone Monitoring Legality in the UK - Dechert
Firewall or UTM - Wick Hill
UK Information Commissioner demands mobile device encryption - Eversheds e80
Data loss - liability, reputation and mitigation of risk - Eversheds e80
Phorm, Webwise and OIX - BCS Security Forum
The challenges of PCI DSS compliance - Thales, Russell Fewing
"Quality" Data Vendor Spams us! Editor astounded!
National Gateway Security Survey 2008 - Wick Hill
Unified Threat Management - Watchguard Technologies

news archives
:
0 | 1 | 2 | 3 | 4 | 5 |
6 | 7 | 8 | 9 | 10 | 11 |
12 | 13
[What is this?]

Industry Blogs
Tim Berners Lee's Blog
Tim Callan's SSL Blog
Davis Wright Tremaine's Privacy & Security Law Blog
Emergent Chaos Blog
Michael Farnum's Blog
Phillip Hallam-Baker's Blog - The dotFuture Manifesto: Internet Crime, Web Services, Philosophy
Stuart King's Security and Risk Management Blog
David Lacey's IT Security Blog
Metasploit Official Blog
Jeff Pettorino's Security Convergence Blog
Jeff Richards's Demand Insights Blog
David Rowe's Risk ManagementBlog
Bruce Schneier's Security Blog
Larry Seltzer's Security Weblog
Mike Spinney's Private Communications Blog
Richard Steinnon's Threat Chaos Blog
The TechWeb Blog
Tim Trent's Marketing by Permission Blog
Rebecca Wong 's DP Thinker Blog

Newsletters
23 February Newsletter
Newsletter Archives are located in "News"

Industry Update
Internet Security Intelligence Briefing - November 2005
Find out the latest trends in e-commerce, web usage & the latest threats from adware/Spyware

Reports
Phorm, Webwise and OIX
- BCS Security Forum

'The Any Era has Arrived, and Everyione has Noticed' - Stratton Sclavos - VeriSign
Identity Security - Time to Share
Malicious code threats - iDefense
Public Alerts - updated as they happen from Stopbadware.org
Public Alerts - updated as they happen from Websense
Public Advisories - updated as they happen, from iDefense
Phoraging - Privacy invasion through the Semantic web: a special report by Mike Davies of VeriSign

Legislation
Privacy Laws & Business International E-news, Issue 57
Privacy Laws & Business UNited Kingdom E-news, Issue 60

Security Reviews
February 2007 - VeriSign Security Review
The security review archive is here

Case Studies
Finance Industry
Case Study Example

A case study on a Finance industry company.

White Papers
VeriSign® Intelligent Infrastructure for Security
VeriSign® Intelligent Infrastructure: An Overview
Identity Protection Fraud Detection Service - description of the service
Life of a Threat - Video on Threat Management Lifecycle
Optimizing Enterprise Information Security Compliance - Dealing with all the audits
For a full list of all whitepapers, visit our Whitepaper library

Legal Notices
Privacy Policy
Terms of use

basel 2 sarbanes oxley
    legislation
data controller notification binding corporate rules BCR data transfer third countries third part data transfer basel 2 regualtor regulation regulate FSA banking network security RSA encryptin algorithm Bits sacked bank staff
Blogs compliance Reports compliancy Legislation Data Protection Case Studies data privacy White Papers data protection act News information commissioner Events security standards Links information security iDefense
Retail Solutions

News - a Roundup of all News Items between August 2006 and mid October 2006, Newest First

 

Current News Updates compliance and privacy

An archive of all the news items between August 2006 and Mid October 2006 on Compliance and Privacy


To avoid long load times news is archived periodically. If you can't find what you are looking for on this page please refer to our archives. Please use the search engine for ease of retrieval.

Main News page | Archives: (oldest) 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 (most recent)


Data chief challenges US access to European Bank data

Europe's head of data protection has challenged the European Central Bank on its practice of allowing the US secret service access to private bank-transfer data.

The European Data Protection Supervisor, Peter Hustinx, has presented some preliminary observations on the study “The Interception of Bank Transfer Data from the Swift System by the US Secret Services”.

"We have not concluded our investigation on ECB's role yet, but there are already some observations that I can share publicly,” he said.

“I basically challenge the fact that the ECB continued to allow confidential client banking data to pass to the US, although it had become aware of the systematic access by American authorities. Moreover, I cannot help feeling that the ECB should have at least felt morally obliged to inform European governments and authorities about this scheme."

Read the ComputerWeekly.com article then Have Your Say


MiFID could kill LSE, says LogicaCMG

LogicaCMG, the IT company supplying many larger financial services customers, says implementation of MiFID rules could lead to the ‘death' of the London Stock Exchange.

The suggestion comes in a report from financial markets analyst Graham Bishop, commissioned by LogicaCMG , which suggests there are three possible industry scenarios after 1 November next year - when MiFID comes into effect – all of which rest on the development of so-called systematic internalisers.

As the regulations would allow larger financial services groups to match client buy and sell orders internally without being forced to go through a recognised exchange such as the LSE , the question now is to what extent internalisation may take place, the report warns.

Read the full article in ifaonline.co.uk and then Have Your say here


Benchmarking First For Peterevans Xanite

One of the UK 's leading independent software providers for the financial services sector peterevans has achieved the new B.I.S.S. ‘MiFID' benchmark accreditation for its new ‘xanite' suite.

Gary Wright, C.E.O., of B.I.S.S. Research, the exclusive research company offering a unique benchmarking of services and systems in the financial services sector, and creator of the B.I.S.S. business benchmarking concept said:

"peterevans is the first vendor to put their system through the B.I.S.S. ‘MiFID' benchmarking process and have been awarded the B.I.S.S. Accreditation. The B.I.S.S. ‘MiFID' benchmarking examines systems in the myriad of different areas that the MiFID Articles impact, including front, middle, back office, compliance etc. The award is based on how well the technology supports the clients' requirements for MiFID."

Read the article


Symantec Outlines Vision of Next-Generation Security

Products and Partnerships Focus on Protecting Information and Interactions, Increasing Customer Confidence in a Connected World

Symantec Corp. today (10 October 2006) outlined its vision for protecting customers from the next generation of threats targeting their information and interactions. The concept Symantec calls Security 2.0 brings together an ecosystem of products, services, and partnerships to help customers remain confident in today's connected world.

“Confidence is the essential component in today's digital world,” said John W. Thompson, Symantec chairman and chief executive officer. “Consumers and enterprises alike need to feel confident that their information is safe and their interactions are secure. Otherwise, the digital lifestyle will not be as exciting or dynamic, and we will not realize the full potential that new technologies bring to the connected world.”

Thompson, speaking at a company event in New York City, said that new technologies are driving new business models and opportunities for more online interaction. The Internet has changed the way consumers bank, shop, and interact online and has enabled them to connect directly to banks and e-tailers to conduct transactions. At the same time, competitive pressures are driving organizations to embrace more online collaboration and information sharing among their increasingly distributed workforces and their global suppliers and partners.

Read the Article


Banks voice unease on new UK police data powers

In computerweekly.com the following article (of which this is a snippet) appears:

UK banks are up in arms over the privacy threat posed by new government powers allowing the police and other agencies to demand the encryption keys that will unlock confidential data.

They say the powers, which will be put into effect in the next few months, could lead to misuse of disclosed keys and compromise the security of data storage. Individual privacy rights would be undermined in the process, hitting the reputation of the UK financial services industry and discouraging investment in the UK.

The banks have also warned that the enforced disclosure of encryption keys under UK law could place them in conflict with secrecy laws in countries such as Switzerland, which require data encryption keys to be kept confidential.

Read the article on computerweekly.com


83% of Adults Who Social Network Expose Themselves To Hackers and Identity Thieves

Kicking off October as National Cyber Security Awareness month, CA and the National Cyber Security Alliance (NCSA) today (4 October 2006) announced results of the first social networking study examining the link between specific online behaviors and the potential for becoming a victim of cyber-crime. Although social networking sites, such as MySpace and FaceBook, have been examined from the standpoint of physical security issues, including sexual predators, this survey examines users' online behavior and the possibility of other threats such as fraud, identity theft, computer spyware and viruses. Highlights of the survey include:

  • Although 57 percent of people who use social networking sites admit to worrying about becoming a victim of cyber-crime, they are still divulging information that may put them at risk. For example 74 percent have given out some sort of personal information, such as their e-mail address, name and birthday.
  • 83 percent of adults social networking are downloading unknown files from other people's profiles potentially opening up their PCs to attacks.
  • 51 percent of parents aware of their children social networking do not restrict their children's profiles so only friends can view, leaving their child's profiles unrestricted to potential predators.
  • Furthermore, 36 percent of these parents surveyed do not monitor their children on social networking sites at all.

Read the Article


Iconium Introduces New Solution To Reduce Burden Of MiFID Planning On British Businesses

Policy Manager Library Comprises Four Key Component Areas, Enabling Firms to Begin Preparing for MiFID Implementation

Iconium, a leading UK developer of corporate governance and compliance solutions, today (26 September 2006) announced an extension to Policy Manager, its industry-leading governance framework solution, with the launch of a comprehensive MiFID Library. Developed in conjunction with financial regulation and risk management experts DXL, the library provides financial services firms with the means to commence preparation for the implementation of the Markets in Financial Instruments Directive (MiFID).

Due for implementation on 1 November 2007, MiFID sets the legislative framework for a single European financial services market. It impacts organisations currently governed by the Investment Services Directive, but also extends the range of instruments and services. MiFID will drive the most far-reaching changes in financial markets for over ten years and have a significant impact on financial services regulation and how firms operate and interact with customers.

The MiFID Policy Manager library will provide firms with a stable framework and a clear adoption strategy of MiFID directives as they appear in the coming 12 months. It allows the creation of policies and provides a platform for them to be communicated to all employees and agents, ensuring client-facing staff have access to their firm's latest interpretation of MiFID and the standard MiFID rules. Once in the implementation phase, the MiFID library will fully demonstrate to the regulator that every attempt has been made to educate staff and agents in the requirements of MiFID and to ensure a compliant and uniform treatment of all customers and counterparties.

Read the article


MiFID intensifies threat to European exchanges

Bourses are rethinking strategies to compete in an altered landscape

The markets in financial instruments directive could be a significant threat to the business models of Europe's bourses but the exchanges have been dealing with a new world order for some time.

The advent of direct market access, algorithmic trading and increasing globalisation have encroached on their territory and forced them to re-evaluate their business models.

Many see Mifid, which comes into force in November next year (2007), as a catalyst that will accelerate changes that have started to alter the stock exchange landscape. These changes have been wrought by electronic trading platforms, banks increasingly internalising their order flow and fund managers looking to achieve best execution. Exchanges have been forced to add to their technology budgets to keep pace with developments.

Read the Financial News article


Basel II, US Banks Have Until January 2008 to Comply Plus 3 Year Transition Period

U.S. banking agencies announced in late 2005 that U.S. banks will be granted an extension to the January 2007 deadline for Basel II compliance by the Bank for International Settlements.  In May, the Basel Committee announced plans to maintain the most recently proposed capital-adequacy guidelines, which will decrease reserve levels for internationally active, diversified institutions based on the adopted approach to credit and operational risk.  U.S. banks now have until January 2008 to adhere to the new cross-border capital adequacy mandates, plus an additional three-year transition period, while other global institutions will be required to comply by early 2007.

Basel II brings a much greater level of granularity in the assessment of creditworthiness among obligors.  The goal is to align global capitalization standards with current banking practices. This will help minimize the potential for regulatory arbitrage-including known instances in which banks have leveraged certain assets to exploit weaknesses in Basel I's risk weighting system.   Basel II promotes three mutually reinforcing standards: minimum risk-based capital set-asides; supervisory review of an institution's capital adequacy and internal risk measurement methodologies; and market discipline through disclosure in order to promote sound practices.  In the U.S., guidelines will be mandatory for financial institutions with $250 billion or more in assets or $10 billion or more in foreign exposure.

Read the RiskCenter.com article


Deadline for Mifid to be pushed back, warns Farley

The deadline for banks to implement the European Union's Market in Financial Instruments Directive (Mifid) will be put back, according to Peter Farley, managing director of analyst Financial Insights.

“The market is saying it will not happen in November 2007 because those systems would have to be ready by March next year,” he told analyst IDC's European IT Forum 2006. He said, “There's a question about what's implemented on 1 November and where it is implemented, but everything indicates that 1 November is a firm date.”

Mifid requires banks to link their systems to a greater number of financial markets, because banking clients are entitled to the cheapest prices in Europe when transactions are made on their behalf.

Read the ComputerWeekly.com article


IFAs should outsource compliance

Jason Butler, an investment manager and partner, at London-based Bloomsbury Financial Planning said that with increasing regulation, smaller IFAs would have to outsource their compliance in order to stay afloat.

Butler was commenting on the impact of the forthcoming Markets in Financial Instruments Directive (MIFID).

Read the FT.com article


LogMeIn to Add Crime Fighting to Remote Connectivity Repertoire

Already Proven Aid in Recovering Stolen Laptops, LogMeIn Adding "Instant Shredder" Technology, Online History

With each day bringing yet another case of missing laptops and stolen data, LogMeIn, Inc., creator of the world's most widely used remote connectivity and support services, announcedon 26 September 2006 that it would introduce remote "instant shredding" capabilities for its more than three million LogMeIn users.

At the request of its customer, LogMeIn will also make the history of when and where that customer's computers are being used accessible to IT departments and law enforcement, while still keeping users' information safe, secure and private. These theft deterrent and remediation features will be part of detection capabilities already inherent in LogMeIn

Read the article


Financial services firms on track for market regulation

Most finance firms are now on track with their preparations for compliance with the Markets in Financial Instruments Directive (MiFID), a new survey by TradeTech and SunGuard has revealed.

MiFID, which comes into force next year, is regarded as the biggest change in the European financial services industry for over a decade.

The directive presents a compliance challenge for IT departments, which are already battling to meet the requirements of the Basel II capital accord, the Sarbanes-Oxley Act and International Financial Reporting Standards.

But a survey of 230 executives from finance firms in 12 European countries found that 84% of respondents said their firm was on track with its MiFID preparation.

Read the article in Computer Weekly


Cyber Attacks Increasingly Target Home Users for Financial Gain - Symantec

The latest Internet Security Threat Report released on 25 September 2006 by Symantec shows that because home users are less likely to have established security measures in place, they are being increasingly targeted by attackers for identity theft, fraud, or other financially motivated crime. Furthermore, attackers are now using a variety of techniques to escape detection and prolong their presence on systems in order to gain more time to steal information, hijack the computer for marketing purposes, provide remote access, or otherwise compromise confidential information for profit.

“Understanding the current threat landscape is critical in helping us protect our citizens' online interactions and ensure the availability of our critical systems,” said David Jordan, chief information security and privacy officer for Arlington County, Va. “The current threat intelligence in Symantec's Internet Security Threat Report, combined with our use of leading-edge security technologies, helps us ensure the highest degree of security for our citizens and government agencies.”

Symantec's Internet Security Threat Report notes that home users are the most targeted attack sector, accounting for 86 percent of all targeted attacks, followed by financial services businesses. Symantec has identified increased attacks aimed at client-side applications, increased use of evasive tactics to avoid detection, and that large, widespread Internet worms have given way to smaller, more targeted attacks focusing on fraud, data theft, and criminal activity.

Read the article


VeriSign: Microsoft VML exploit attacks increasing; third-party patch released

Experts at VeriSign iDefense warned today that vector markup language (VML) attacks targeting Microsoft's latest zero-day vulnerability are on the rise as awareness of the flaw grows.

The researchers with iDefense said that they have monitored for VML attacks through Thursday and noted only light traffic. However, iDefense experts said that the attacks increased this morning and that attackers are using three different methods to exploit the flaw.

"VML attacks have ramped up significantly in the past 24 hours," said Ken Dunham, director of the Rapid Resonse Team at iDefense. "At least one domain hosts provider has suffered a large-scale attack leading to index file modifications on over 500 domains to redirect users to a hostile VML exploiting website."

Read the IT Security News article in SC Magazine


APACS Research reveals people to be unaware of basic security measures when banking online

Research released on 22 September 2006 from APACS, the UK payments association working on behalf of the banking industry, shows that people are still not aware of best practice when it comes to online banking and security. The findings clearly demonstrate that some online banking users are failing to protect themselves, despite widely available advice on how to do so.

The latest study builds on the findings of research carried out in 2004 and shows that people are still unaware of the basic security measures they should have in place to stay safe online. Although internet users are aware of scams such as ‘phishing' and Trojan attacks, they are still overly complacent. They need to do more themselves to understand the risks and find out what they can do to protect themselves and their computers.

Read the article


ID Analytics and VeriSign Bring Real-Time Identity Proofing Capabilities to VeriSign Identity Protection Customers

Strategic Relationship Adds Another Layer of Protection for Online Customers ~

SAN DIEGO, Sept. 19 /PRNewswire/ -- ID Analytics, Inc., the Identity Risk Management company, and VeriSign, Inc. (Nasdaq: VRSN - News ), the leading provider of intelligent infrastructure services for Internet and telecommunications networks, today announced an initiative to strengthen identity verification and proofing for online customers. Under the terms of a Referral Agreement, VeriSign intends to refer ID Analytics solutions to certain customers, including VeriSign Identity Protection (VIP) customers.

Read the Yahoo Article


VOIP presents major security risk, expert warns

Compliance and Privacy picked up this InfoWorld story on Voice over IP and security breaches. We can't help asking why a respected security researcher needs a nickname, so we searched for The Grugg in Google and came to no conclusion. What we do wonder is "Is his crystal balling right, or has he a different agenda?"

But on to the article:

Banks and other companies switching their phone systems to VOIP (voice over Internet Protocol) are making themselves vulnerable to phishing attacks for which there are currently no effective detection or prevention tools, a security researcher warned Wednesday.

"People will be able to penetrate bank networks and hijack their phone lines," said an independent security researcher, known by his pseudonym The Grugq, in an interview. VOIP is becoming increasingly common as companies and operators look to the technology to help cut costs, which makes them more vulnerable to attack, he said.

Read the InfoWorld Article


Trusted Computing Group Announces Open Specification For Mobile Phone Security

Mobile Trusted Module Specification to Enable an Industry-Based Approach to Securing Devices, Information and Transactions for Cell Phone Users  

The Trusted Computing Group's Mobile Phone Work Group, which has been working to create an industry-wide approach to securing data, transactions and content, for mobile phones, announced on 13th September 2006 a draft Mobile Trusted Module specification. This open and available specification will enable the development of stronger security, enhanced privacy and reduced risk of loss and theft for mobile phone users and providers of handsets and services.

“Attacks on mobile phones, including viruses, spyware and spam, and the loss of personal and financial information or the handset itself, clearly will increase as phones increasingly become repositories of critical information and transactions for users,” noted Iain Gillot, president and founder of iGR (formerly iGillot Research).  “By working together and establishing standards, the mobile industry can move more quickly and efficiently to embed security mechanisms into phones. More security at the platform level can only help the industry continue to offer the services, handset features and content that users want.”

Read the article


Compliance and Privacy Newletter - 15 September 2006

In this issue:

  • Security Breaches - Around 80 per cent affected!
  • The 'Secure the Trust of Your Brand' survey
  • Davis Wright Tremaine's Privacy and Security Law Blog
  • The Life of a Threat - Video
  • Data Privacy Thinker Blog
  • The Metasploit Project Official Blog
  • UK Information Commissioner's Annual Report
  • VeriSign® Identity Protection Fraud Detection Service Whitepaper
  • Attacking the Code: Source Code Auditing - an iDefense Webcast
  • Risk-Based Assessment: A Practical Guide to Complying with FFIEC Authentication Guidelines
  • US Ratifies Council of Europe Convention on Cybercrime
  • News Roundup

Click Here for the Newsletter


iPay Technologies Selects VeriSign Identity Protection Fraud Detection Service for Risk-Based Authentication.

iPay Technologies selected the VeriSign® Identity Protection (VIP) Fraud Detection Service to provide online security for its customers and financial institutions. Under terms of the agreement, iPay Technologies will deploy the VIP Fraud Detection Service to secure customer login and transaction information

Read the press release


VeriSign to Secure WiMAX Standards Wireless Broadband Networks.

VeriSign has been selected by the WiMAX Forum™, the exclusive global organization dedicated to certifying the interoperability of wireless broadband access products based on global standards, to provide PKI-related services to all WiMAX Forum Certified™ solutions based on IEEE 802.16-2004 and ETSI HiperMAN 1.2.1 .

Read the press release


US Ratifies Council of Europe Convention on Cybercrime

On Aug. 3, 2006, the United States Senate ratified the Council of Europe Convention on Cybercrime, a multinational treaty that attempts to foster cooperation on prosecuting Internet-based crimes. Although some privacy organizations are protesting the treaty, overall, the response to America 's ratification of the treaty, especially commentary from leading American security companies, has been quite positive.

To-date, 38 counties have signed the treaty that requires that member countries establish as criminal offenses a wide variety of cyber-related activity, including "the access to the whole or any part of a computer system without right…when committed intentionally, the interception without right, made by technical means, of non-public transmissions of computer data to, from or within a computer system…the damaging, deletion, deterioration, alteration or suppression of computer data without right" (ibid.)., child pornography and other offenses. It also requires that signatory countries establish procedures for dealing with these crimes and provides a prosecutorial framework for international cooperation between signatory countries.

Read the article

 


This site is independent of all its sources
The contents of the site are sourced from across the industry. All copyrights are acknowledged.