Cyber Security Practitioner

Volume: 1 Issue: 4
(July 2015)


News

Ireland’s government published on 2 July its National Cyber Security Strategy for 2015-2017, which sets out Ireland’s plans to protect its computer networks and details a number of actions inter alia designed to build cyber security awareness and improve the resilience of networks in critical infrastructure against cyber threats.

The US Federal Financial Institutions Examination Council (‘FFIEC’) released a Cybersecurity Assessment Tool on 30 June, intended to help financial institutions determine their inherent risk profile and their cyber security maturity.

The UK government announced a package of initiatives to assist small businesses in protecting themselves against cyber attacks on 16 July. One of the principal elements of the initiative is a new £1 million cyber security innovation fund which will be offered to micro, small and medium-sized businesses in the form of a £5000 voucher. The aim is to allow businesses to access specialist advice to boost their cyber security and assist them in adopting Cyber Essentials.


Features

As a metaphor, underwear works well in the security zone. I’ve heard a number of security experts talk about passwords being like pants: change them often and be careful about revealing them. So, let’s see how far we can take it.

The network communication security protocol HTTPS has in the last few years been viewed as increasingly important by businesses. Yet HTTPS is not without limitation. Gunter Ollmann, CTO at information assurance firm NCC Group, provides background to the adoption of HTTPS, discusses its limitations, and, given these, looks at how HTTPS can be augmented for enhanced security.

On 25 July, the German IT Security Act came into force. Remarkably, the law was passed by the German Parliament (Bundestag) at a time when the Bundestag itself was subject to a cyber attack against its own IT infrastructure. The new law aims to provide better protection for critical infrastructures and IT systems as well as for internet users, due to the growing dependency of critical infrastructures on the internet. In a nutshell, according to the IT Security Act, a critical IT infrastructure has to meet certain minimum standards. The new law also requires that the Federal Office for Information Security be informed about potential security incidents. Affected companies have to perform audits on a biennial basis and a violation of the requirements may entail a fine of up to €100,000. For the concerned companies, compliance with the new requirements will lead to considerable administrative effort and substantial costs, as Dr. Hendrik Schöttle and Nadine Lederer of Osborne Clarke explain.

Thanks to the privileged information they hold, for example relating to client deals in specific sectors, law firms have become a key target for hackers looking to obtain valuable information. If law firms fall prey to the attempts of cyber criminals to access their secrets, it could result in serious reputational damage and the loss of client trust. Here, Kris McConkey, leader of PwC London’s Cyber Threat Detection and Response team, describes hacker behaviour observed by his team in relation to attempts to access information held by law firms, and, given the criminal objectives identified, details where law firms should focus to protect themselves.

China’s National Security Law was published and came into force on 1 July. Not long after this was enacted, a draft Cyber Security Law was produced for public consultation, expanding on the former law’s provisions in this area with rules on protecting information networks and the data stored or transmitted by such networks. These new laws have sparked concern about the Chinese Government’s control over the internet and the impact of the laws on businesses, as Yang Xun, Counsel at Simmons & Simmons in Shanghai, explains.

In this article, Dr. Jessica Barker, a Cyber Security Consultant and member of the Cyber Security Law & Practice Editorial Board, argues that ultimately cyber security is, at its heart, more about people than technology. Given this, Jessica examines the role of humans in cyber security, and discusses taking a multifaceted approach to the complex problem of governing where humans meet machines.

The Danish Data Protection Agency (‘Datatilsynet’) published, on 3 July 2015, its decision regarding a case from August 2013 in relation to the Danish power company, Natur-Energi A/S, where information regarding the personal support cases of customers was made available via the internet, and it was discovered that Natur-Energi had recorded phone conversations without notifying its customers. A number of unintentional emails with a link to a database of customer support cases displayed further breaches of data security that granted additional access to personal data.


About Cyber Security Practitioner:

Cyber Security Practitioner, the most recently launched monthly publication from Cecile Park Media, provides a multi-disciplinary view on the cyber security challenges facing global businesses and delivers insight into operational change. It covers cyber security regulation, data breach, data security, cyber risk, cyber crime, ethical hacking, privacy and data protection, cyber infrastructure, technical solutions, risk management, information assurance, security standards, liability, consumer protection, ransomware and other cyber threats, cyber insurance...
