The resource centre for busy senior executives seeking the latest insights into IT Compliance & Privacy issues for major organizations
 


Reports Relevant to Compliance and Privacy


What does the British Computer Society think of Phorm?

Phorm, Webwise, OIX and the BCS Security Forum

Phorm over function? Perhaps that's the challenge when marketing desires clash with privacy hopes. The Phorm furore started in the Spring of 2008; we are now in the Autumn of 2008, and it's been nothing but data breach after user faux pas exposing countless millions of individuals' personally identifiable information, which has focussed the spotlight firmly upon the need to apply "privacy by design" principles from the outset - something that the ICO will be taking a very serious view of in the coming months. The BCS Security Forum is equally involved in keeping a watching brief.

Published by kind permission of Andrea Simmons

Download as a pdf


'The Any Era Has Arrived And Everyone Has Noticed'

RSA Conference - Keynote Presentation: 'The Any Era Has Arrived And Everyone Has Noticed'

VeriSign's CEO Stratton Sclavos presented 'The Any Era Has Arrived And Everyone Has Noticed' at the recent US RSA Conference. Download the keynote presentation.

Download as a PowerPoint animated presentation (recommended) or as a static pdf


Identity Security  - Time to Share

RSA Conference 2006 - Keynote Presentation: Identity Security  - Time to Share

Nico Popp of VeriSign gave the Keynote Presentation at the RSA Conference 2006:

The Keynote Presentation addressed the topic 'Identity Security - Time to Share', focusing on the issues around Identity Theft, Online Fraud and Phishing. The presentation gave a thought-provoking insight into the ideas of an Identity network and the notion that the 'good guys' should be sharing intelligence, and working on global and intelligent infrastructures.

Download as a PowerPoint animated presentation (recommended) or as a static pdf

 


Data Privacy for data in transit and The Semantic Web

Phoraging - How the Semantic web increases the risk of Identity Theft and worse

Mike Davies of VeriSign discusses:

  • Personal data at rest
  • Personal data in transit
  • Industry and regulations have focused on data at rest
  • The Semantic web will make it easier to get data on any subject from the internet
  • Data privacy will be impacted as the fog of information becomes clearer
  • Fraudsters will use these tools to steal identities by looking at multiple sources ("Phoraging")
  • Where security needs to be applied to protect privacy

Download as a PowerPoint animated presentation (recommended) or as a static pdf

 


Risk-Based Assessment: A Practical Guide to Complying with FFIEC Authentication Guidelines - a pre-recorded Webinar

Risk-Based Assessment: A Practical Guide to Complying with FFIEC Authentication Guidelines

Doug Barbin, VeriSign Senior Regional Consulting Manager discusses:

  • The difference between Controls Assessments and Risk Assessments
  • What the FFIEC means by a risk-based approach to authentication
  • Guidelines for developing and implementing a practical roadmap to FFIEC-Authentication Risk Assessments
  • How to develop a step-by-step task list for conducting a Risk Assessment
  • How to ask key questions for each stage of the assessment

register to view this on-demand web seminar

 


Vulnerabilities Relevant for 1 June 2006

iDefense Upcoming Vulnerabilities Report May 2006

The following are the iDefense Exclusives which may be part of the next Microsoft Patch Tuesday, scheduled for June 13. iDefense customers have been provided workarounds for these issues as far as 146 days in advance of public notification.

Download the report


IDS Evasion Techniques and How to Prevent Them

iDefense WebCast: IDS Evasion Techniques and How to Prevent Them

Intrusion Detection Systems (IDS) detect inappropriate, incorrect or anomalous host or network activity. This presentation provides information about common techniques used to evade IDS detection. The goal is to answer the question: To what extent should network administrators rely upon IDS detection systems for security and advanced warnings of attacks?

Full Webcast Streamed to your Desktop 22 minutes. (Please note this is a replay and no interaction is possible. Requires speakers or headphones).

Accompanying Slideset, and Accompanying Report, each as a pdf


Current State of DDoS Attacks

iDefense WebCast: Current State of DDoS Attacks

The distributed denial of service (DDoS) attack is among the most potentially costly and intractable cyber threats facing technology-dependent companies today. DDoS attacks are also more frequent, larger and more costly than ever before, and the number of available "zombie" computers in the wild is greater than ever. These trends will continue for the foreseeable future. This presentation discusses why and what DDoS mitigation and prevention strategies are used to keep technology-driven organizations in business today, and how early DoS attacks evolved into present-day techniques.

Full Webcast Streamed to your Desktop 27 minutes. (Please note this is a replay and no interaction is possible. Requires speakers or headphones).

Accompanying Slideset, and Accompanying Report, each as a pdf


Vulnerabilities between January and October 2005

iDefense Vulnerabilities Report Jan 2005-October 2005

Proactive vulnerability notification is critical to effective risk management. VeriSign® iDefense Security Intelligence Services delivers comprehensive, actionable intelligence aiding customers in making decisions in response to threats on a real-time basis. The following is a list of VeriSign iDefense Exclusive Vulnerabilities that have been publicly disclosed by the vendor since January 1, 2005. The table shows the number of days VeriSign iDefense customers receive notification on exclusive vulnerabilities in advance of public disclosure.

Download the report


Money Mules - Sophisticated Global Cyber Criminal Operations

iDefense WebCast: Money Mules - Sophisticated Global Cyber Criminal Operations

Criminals are stealing thousands of credit cards and banking account credentials daily through phishing attacks, Trojan horse attacks and other attack vectors. Thousands of dollars daily are then laundered to offshore banking accounts through dozens of countries by "money mules," or phishing money launderers. Cyber-fronts are created to solicit, hire and exploit these money mules within multiple countries, and they can make as much as $10,000 or more in a month for part time work. This report will take a look inside the world of money mule operations and provide several examples of business fronts and job offers.

Full Webcast Streamed to your Desktop 28 minutes. (Please note this is a replay and no interaction is possible. Requires speakers or headphones).

Accompanying Slideset, and Accompanying Report, each as a pdf


Sober Worm Postmortem

iDefense WebCast: Sober Worm Postmortem

Sober was the most prevalent e-mail worm of 2005. The carefully planned and coordinated attack started in early November 2005 and lasted until Jan. 6, 2006. In this presentation, iDefense examines the progression of the Sober attacks and the techniques the worm used to both infect its hosts and spread to others. iDefense also covers the impact that these attacks had on key corporate infrastructure and the future of the Sober worm itself.

Full Webcast Streamed to your Desktop 19 minutes. (Please note this is a replay and no interaction is possible. Requires speakers or headphones). 


Online identity theft: What businesses can do

Information Age WebCast: Online identity theft: What businesses can do

Identity theft is one of the most damaging and frightening computer-aided crimes to emerge in the information age. Research in both the US and in Europe shows that it is not only becoming increasingly common, but individuals are so frightened of falling victim that it is undermining their trust in e-commerce. What can be done? And specifically, what can businesses operating through the Internet do to prevent their customers falling victim to identity theft and thereby maintain or restore confidence in their online brands? And what role can technological solutions play? Our panel of experts moderated by Andrew Lawrence, Editorial Director, Information Age debated with an online audience the best answers to these issues.

The expert panelists were:

  • David Lacey, former chief security officer of Royal Mail, and a member of the Home Office Committee on ID Theft
  • Ryan Kalember, Technology Director of VeriSign, and a leading authority on federated identity management technology
  • Bori Toth, Biometric Research and Advisory Project Lead, Deloitte & Touche

Our panelists opened the debate with presentations outlining the threats to business posed by ID theft, and presented their view of what can best be done to combat them. The debate was then opened up to the online audience, and an enlightening half hour discussion ensued.

Full Webcast Streamed to your Desktop 60 minutes. (Please note this is a replay and no interaction is possible. Separate registration required. Requires speakers or headphones, and Internet Explorer).

There were many questions during the session. These have been collated and are now available for download here as a pdf.  


Rootkits and Other Concealment Techniques in Malicious Code

iDefense WebCast: Rootkits and Other Concealment Techniques in Malicious Code

In order for malicious code to provide its author with some benefit, it must be successful in four areas: propagation, infection, malicious actions and persistence. With the advent of multi-tasking computers, the increased popularity of networking in general, and the Internet in particular, the tools and techniques used by malicious code authors have improved considerably. This webcast focuses on these tools and techniques, concentrating on the evasion of first-line defenses, autostart considerations and rootkits.

Full Webcast Streamed to your Desktop 28 minutes. (Please note this is a replay and no interaction is possible. Requires speakers or headphones). 


Federal Financial Institutions Examination Council

Authentication in an Internet Banking Environment

On August 8, 2001, the FFIEC agencies (agencies) issued guidance entitled Authentication in an Electronic Banking Environment (2001 Guidance). The 2001 Guidance focused on risk management controls necessary to authenticate the identity of retail and commercial customers accessing Internet-based financial services. Since 2001, there have been significant legal and technological changes with respect to the protection of customer information; increasing incidents of fraud, including identity theft; and the introduction of improved authentication technologies. This updated guidance replaces the 2001 Guidance and specifically addresses why financial institutions regulated by the agencies should conduct risk-based assessments, evaluate customer awareness programs, and develop security measures to reliably authenticate customers remotely accessing their Internet-based financial services.

This guidance applies to both retail and commercial customers and does not endorse any particular technology. Financial institutions should use this guidance when evaluating and implementing authentication systems and practices whether they are provided internally or by a service provider. Although this guidance is focused on the risks and risk management techniques associated with the Internet delivery channel, the principles are applicable to all forms of electronic banking activities.


The Rise of Online Islamic Propaganda

iDefense WebCast: The Rise of Online Islamic Propaganda

Numerous recent media articles have noted that al Qaeda is improving its information operations tactics through the use of the Internet, providing a means of anonymous communication and the dissemination of news on the group's military successes. This report will reveal the frequent presence of Islamist Extremist Propaganda online and provide a clearer understanding of the different forms of IEP, based on the specific objective and approach of each type.

Full Webcast Streamed to your Desktop 26 minutes. (Please note this is a replay and no interaction is possible. Requires speakers or headphones). 


2005 in Review, 2006 Indicators and Warnings

iDefense WebCast: 2005 in Review, 2006 Indicators and Warnings

As 2005 comes to a close, a review of the top threats and trends of the year helps to establish a forward looking view for 2006. This webcast, originally given on January 18, 2006, focuses on exploitation, specifically malicious code incidents, for 2005 and the implications as we look forth into 2006.

Full Webcast Streamed to your Desktop (42 minutes. Please note this is a replay and no interaction is possible. Requires speakers or headphones). 


Top 10 Spyware Applications

iDefense WebCast: Top 10 Spyware Applications

As most people herald the arrival of 2006 with fanfare, the creators of spyware and adware applications continue inexorably toward the goal of maximizing revenue from their creations. The automatons that they set into motion do not take holiday breaks, preferring instead to lie in wait for the next user gullible enough to download, install and use the malicious software and provide financial benefit to the spyware distributors.  Spyware is a perfect example of the growing trend in which questionable entities exploit the Internet for financial gain. The last few years have proven that malicious code, and its cousins adware and spyware, have become the raison d'être for many computer professionals. Additionally, the fine line between the malicious code camp (writing and distributing worms, viruses, Trojan horses and combinations thereof) and that of adware and spyware (writing code that is "questionable" at the least) is blurring, and successful techniques used by one faction are often, and quickly, incorporated into the products of the other. There is even a fast-growing trend of adware and spyware being deployed by means of malicious code droppers and websites - all in the pursuit of easy money.

Full Webcast Streamed to your Desktop (54 minutes. Please note this is a replay and no interaction is possible. Requires speakers or headphones). 

Download the Top 10 Spyware Applications Report (accompanying pdf)


Exploitation Frameworks

iDefense WebCast: Exploitation Frameworks

The iDefense exploitation framework comparison is a comprehensive review of the features included in the CORE IMPACT, Immunity's Canvas and Metasploit exploitation frameworks. Typically, corporations use these frameworks to perform penetration testing on their internal systems. However, hackers also frequently take advantage of the automated test-and-penetrate mechanisms that these frameworks offer. In its report, iDefense compares these frameworks to determine which is the most useful in a corporate setting and which might prove the most significant threat to vulnerable networks.

Full Webcast Streamed to your Desktop (25 minutes. Please note this is a replay and no interaction is possible. Requires speakers or headphones). 

Download the slideset for reference (pdf)


The Rise of Malicious Code on Linux-Based Systems

iDefense WebCast: The Rise of Malicious Code on Linux-Based Systems

The Linux operating system has not historically been a popular target for malicious code writers. Recently Linux-based systems have increased dramatically in popularity, which has resulted in a very high prevalence on Internet-facing systems. This increase in numbers, coupled with a large number of vulnerabilities in both the base OS and the third-party software, makes Linux a very good candidate for present and future exploitation by malicious code. In this presentation, iDefense security experts discuss the current issues associated with the Linux OS and how they can be exploited by Internet-based malicious code threats.

Full Webcast Streamed to your Desktop (28 minutes. Please note this is a replay and no interaction is possible. Requires speakers or headphones). 

Download the Accompanying Slide Presentation


Targeted Malicious Code Attacks

iDefense WebCast: Malicious Code Attacks

Recent news stories about a report from the UK National Infrastructure Security Coordination Centre (NISCC), followed by a similar but separate CERT advisory, have generated much concern about targeted attacks, including their likelihood and potential impact. This report overviews targeted attacks, select examples to date, exploits and code utilized in targeted attacks, likelihood and impact, and mitigation measures.

Full Webcast Streamed to your Desktop (27 minutes. Please note this is a replay and no interaction is possible. Requires speakers or headphones). 

Download the Targeted Malicious Code Attacks Report

Download the Accompanying Slide Presentation


Internet Security Intelligence Briefing

These briefings report current trends in Internet growth and usage as well as security events and online fraud.

ISIB Report - March 2006

VeriSign® Security Services presents this report with data and trend analysis on Internet security events and online identity fraud. This briefing includes data and intelligence drawn from a variety of VeriSign intelligent infrastructure services, including digital certificates (SSL and PKI), and Managed Security Services (MSS).

This briefing presents data and trends covering:

  • Identity 2.0
  • 2006 Threat Landscape
  • Statistics on Worldwide Internet Security Events.

Download the March 2006 Internet Security Intelligence briefing Report


ISIB Report - November 2005

The VeriSign® Internet Security Intelligence Briefing reports current trends in Internet growth and usage as well as security events and online fraud. This briefing includes data and intelligence drawn from a variety of VeriSign intelligent infrastructure services, including Domain Name System (DNS) services, digital certificates (SSL and PKI), Managed Security Services (MSS), Payment Services, and Fraud Protection Services*. This briefing covers data gathered from April through September 2005. This briefing presents data and trends covering:

  • The Frontiers of Internet Security
  • Top Adware/Spyware Exploits and Related Vulnerabilities
  • Internet commerce
  • Mobile Communications
  • Emerging Threats and Vulnerabilities
  • Worldwide Internet Usage

*These services are described in detail on the last page of this briefing.

Download the November 2005 Internet Security Intelligence briefing Report


ISIB Report - June 2005

Internet domain growth continues unabated in Q1 '05. Phishing and pharming attacks get ever more sophisticated - DNS cache poisoning and software vulnerability exploitation are replacing attacks relying on gullibility. Find out how serious this could be for your organisation.

Download the June 2005 Internet Security Intelligence briefing Report


ISIB Report - February 2005

It includes data and intelligence drawn from VeriSign Intelligent Infrastructure Services and covers data gathered from October 2004 to January 2005. In particular it looks at data and trends covering:

  • Internet commerce during the 2004 holiday season
  • Phishing attacks
  • Emerging threats and vulnerabilities
  • Worldwide Internet usage

Download the February 2005 Internet Security Intelligence briefing Report


Weekly Threat Reports

These reports detail current newsworthy threats.

Weekly Threat Report August 01 2005

The Cisco IOS Incident at Black Hat

The Cisco Internetwork Operating System (IOS) issue presented at Black Hat by security researcher Michael Lynn in Las Vegas on July 27 dominated the news this past week.

The Scots Hacker

The case of the so-called "Scots Hacker", Gary McKinnon (aka "Solo"), who was on trial in London for allegedly hacking into numerous US government networks in 2001, has been adjourned until October 18, 2005.

Download the Internet Security Intelligence briefing Report


Global Governance: The View from the 2005 World Economic Forum in Davos

Michael Useem reports from Davos

Global Governance

The establishment of good governance is crucial for companies as well as countries, and it must become a major priority. Recognizing this reality, CEOs and political leaders at the World Economic Forum, held last month in Davos, paid considerable attention to this issue. Michael Useem, director of Wharton's Center for Leadership and Change Management, who moderated a workshop on the subject at the Forum, provides an inside view of the discussion. (Reproduced here by kind permission of Wharton Business School, www.knowledge.wharton.upenn.edu)

Download the 2005 WEF Report


The Corporate Ethics Boom: Significant, or Just for Show?

Professor Thomas Donaldson looks at Corporate Ethics.

Corporate Ethics Boom

In an article written four years ago, in Nov 2000, in the Financial Times' Mastering Management series, Wharton legal studies professor Thomas Donaldson looked at the increase in corporate ethics programs throughout the world. It is, in our view, a remarkably prescient article given the importance that is attached to compliance issues today. It discusses issues that businesses and organisations everywhere now face and how to address them.

Download the Corporate Ethics Report


Corporate Compliance and Internet Security

This concise and incisive report provides you with the latest analysis of the threats and trends challenging your organization.

Corporate Compliance and Internet Security

An executive summary of current issues for Boards and Senior Management in major corporations. This concise and incisive report provides you with the latest analysis of the threats and trends challenging your organization. It provides you with the information you need to know to establish what steps you next need to take.

Download the Corporate Compliance and Internet Security Report


 


This site is independent of all its sources
The contents of the site are sourced from across the industry. All copyrights are acknowledged.