Cyber Security Practitioner

Volume: 1 Issue: 3
(June 2015)


News

Ministers from the Justice and Home Affairs Council of the EU sealed on 15 June a general approach on the European Commission’s (‘EC’) proposal for a General Data Protection Regulation (‘GDPR’), due to replace the Data Protection Directive 95/46/EU. The approach includes agreement on the power for data protection authorities to issue penalties of up to €1 million or up to 2% of the global annual turnover of a company and rules to establish the ‘one-stop-shop.’ It is also stipulated that data controllers should report data breaches to the competent supervisory authority without undue delay, and, where feasible, within 72 hours of becoming aware of it.

The US National Institute of Standards and Technology (‘NIST’) published in May its updated Guide to Industrial Control Systems (‘ICS’) Security, which presents a set of voluntary standards to help secure ICS by identifying threats and vulnerabilities and suggesting countermeasures.

The ITU (the International Telecommunication Union) launched on 28 May its Global Cybersecurity Index & Cyberwellness Profiles Report 2015. The Index (‘GCI’) ranks jurisdictions in terms of their commitment to the ITU Global Cybersecurity Agenda, with the criteria spread across five areas such as legal measures and capacity building. The Report also contains cyber wellness country profiles and examples of good practice.


Features

This week’s announcement that the EU Council has agreed its ‘common approach’ on the proposed General Data Protection Regulation (‘GDPR’) means that mandatory personal data breach disclosure law for the EU is inevitable. Presently, there is a patchwork quilt of obligations and expectations for breach disclosure around Europe, ranging from universal legislative requirements for telcos and internet service providers, through to a number of specific national laws (with the latest example being the one adopted last month in The Netherlands), through to somewhat vaguer public and regulatory policy expectations (as exist in the UK). A patchwork quilt isn’t the most helpful environment for businesses, so the clarity of a universal law brings a lot of benefits, but businesses will be worried that breach disclosure also brings with it the risk of more frequent imposition of regulatory sanctions and a compensation culture, as has happened in the US.

Penetration testing involves a business essentially hiring hackers to attempt to compromise its systems in order to test its security. Freakyclown, Senior Penetration Tester at Portcullis Computer Security Ltd, draws upon his considerable experience of penetration testing to detail the main patterns in the cyber weaknesses of businesses, and suggests solutions for businesses to deal adequately with these weaknesses.

The proposed Network and Information Security Directive (‘Directive’) concerns measures to ensure a high common level of network and information security across the EU. Rob Sumroy, Nikhil Shah and Natalie Donovan of Slaughter and May discuss its background, progress through the legislative process, key aspects and major sticking points.

As the persistence and ingenuity of coordinated hacking activities increase, so have the UK government’s attempts to deal with them by imposing a set of measures to encourage hackers to inform on one another; however, it is too early to say whether this approach has been successful. In this article, Ashley Roughton, Consultant at Nabarro LLP, describes, in technical terms, one of the more egregious activities that hackers engage in, cites some relevant statistics and discusses the UK government’s recent reforms to computer misuse legislation.

In late May the Dutch senate adopted a new bill on data breach notifications, set to enter into force on 1 January 2016, which substantially increases the penalties for companies that fail to meet data breach notification obligations. Folkert Hendrikse of PwC Legal Services discusses the detail of this new bill, the reporting obligations required, and the penalties for non-compliance.

Given the apparent threat to the healthcare sector from cyber attacks, Leslie M. Tector and Jennifer U. Rathburn of Quarles & Brady LLP analyse the status of medical device cyber security regulation in the US, and comment on the adequacy of the regulation and standards currently in place.

Stuart Clarke, Director of Cybersecurity & Investigation at information management technology provider Nuix, suggests in this article that an answer to protecting data may involve companies looking inwards at information management practices and policies as well as at external threats. This means ensuring the delay between a breach happening and a breach being detected is minimal. Stuart explains four practical steps to aid companies in responding to data breaches and becoming good information ‘shepherds’ along the way.


About Cyber Security Practitioner:

Cyber Security Practitioner, the most recently launched monthly publication from Cecile Park Media, provides a multi-disciplinary view on the cyber security challenges facing global businesses and delivers insight into operational change. It covers cyber security regulation, data breach, data security, cyber risk, cyber crime, ethical hacking, privacy and data protection, cyber infrastructure, technical solutions, risk management, information assurance, security standards, liability, consumer protection, ransomware and other cyber threats, cyber insurance...
