Cyber Security Practitioner

Volume: 1 Issue: 7
(October 2015)


US financial services company Standard & Poor’s (‘S&P’) published on 28 September a note, ‘Credit FAQ: How Ready Are Banks For The Rapidly Rising Threat Of Cyberattack?’ in which the agency noted that a bank’s ‘weak cyber security’ is a risk that could lead to a bank having its credit rating downgraded by the agency.

The US National Institute of Standards and Technology (‘NIST’) released on 6 October a draft document, ‘Trustworthy Email,’ which seeks to enhance trust in email, whilst the National Cybersecurity Center of Excellence (‘NCCoE’) is working on a Domain Name System (‘DNS’)-based secured email project, to lead to a publicly available NIST Cybersecurity Practice Guide.

Nuclear facilities around the globe are facing major industry-wide, cultural and technical challenges to effective cyber security, think tank Chatham House has identified in its report on ‘Cyber Security at Civil Nuclear Facilities: Understanding the Risks’ published on 5 October.


My editorial this month expands into an article, where I look in more detail at the vulnerability of the remaining transfer mechanisms for sending personal data out of Europe. At the moment Model Clauses, Binding Corporate Rules (‘BCRs’) and the White List are still standing, but there probably isn’t a single person left in the data protection community who doesn’t appreciate their vulnerability. And that means privacy advocates too, who know what they have achieved and who know that they can do it again.

Keith Martin, Professor of Information Security at Royal Holloway, University of London’s world-leading Cyber and Information Security Group, provides a detailed look at the history of cryptography and the ongoing Crypto Wars, which have been brought to a head by the Snowden revelations. Keith ponders on the possible outcomes of the Crypto Wars and explains that the tensions that arise over the use of cryptography are just one manifestation of the wider tensions between liberty and control in a civilised society.

On 22 September, the US Securities and Exchange Commission (‘SEC’) announced that R.T. Jones agreed to settle charges that it “willfully” violated Rule 30(a) of Regulation S-P (17 C.F.R. §248.30(a)), which requires registered investment advisers to adopt written policies and procedures reasonably designed to safeguard customer records and information. The predicate for the violation was that R.T. Jones had failed to establish cyber security policies and procedures to safeguard personally identifiable information (‘PII’). A breach of the systems that held client PII was feared to have potentially compromised the PII of tens of thousands of individuals. Cyrus Amir-Mokri, Stuart D. Levi and Anastasia T. Rockas of Skadden provide detailed analysis of the case and the guidelines to be followed.

There is certainly no doubt that the recent judgment of the Court of Justice of the European Union (‘CJEU’) deserves its ‘landmark’ epithet, yet the demolition of the Safe Harbor Decision was not surprising. It would seem that the European Commission’s framework data protection initiatives are uniquely vulnerable to challenge. When questions about their validity are placed before the CJEU, the outcome tends to be adverse. This vulnerability now also seems to be present in the business positions of huge technology companies. If these assertions withstand scrutiny, then what are the implications for business and how should they adjust themselves? These questions are the focus of this article, by Cyber Security Law & Practice Editor Stewart Room, Global Head of Cyber Security and Data Protection at PwC Legal.

India has a dire need for a unified encryption policy. When the Information Technology Act was enacted in 2000, the Government of India (‘GOI’) restricted the level of encryption to 40 bits under the Telecom Licensing Policy, the prevalent standard at the time. This level of encryption has proved woefully inadequate in light of the rapid improvements in technology and computing power. Under present conditions, ordinary computers are capable of cracking such encryptions with ease. The increase in the sophistication of computer encryptions, the need for a minimum standard of encryption and the growing threat of cyber terrorism and attempts at hacking information, have increased the need for an encryption policy. The recent creation of a draft National Encryption Policy (‘Draft Policy’) is an attempt by the GOI to specify minimum standards of encryption and to provide for a comprehensive framework to protect data. While the Draft Policy did not prescribe the standards to be maintained or the level of encryption required, it did put in place a mechanism where the GOI could prescribe such minimum standards.

In today’s world, organisations face not only increasing requirements to better protect data, but also the need to utilise that data effectively and legitimately process it both internally and via support partners. Alex Ayers, Consulting Director at specialist GRC and IT security company Turnkey Consulting, describes ways of working towards the implementation of data privacy controls such that controls become benefits rather than burdens.

The conflict between the protection of national security and the right to privacy remains a contentious issue in Norway. The Ministry of Defence, tasked with carrying out a comprehensive review of national security in Norway, has put forward a number of proposals that it believes are urgent and should be implemented immediately independently of the full review. Øystein Flagstad, a Partner at Advokatfirmaet Grette DA, discusses the Ministry’s proposals, and the Norwegian Data Protection Authority’s (‘DPA’) criticisms.

About Cyber Security Practitioner:

Cyber Security Practitioner, the most recently launched monthly publication from Cecile Park Media, provides a multi-disciplinary view on the cyber security challenges facing global businesses and delivers insight into operational change. It covers cyber security regulation, data breach, data security, cyber risk, cyber crime, ethical hacking, privacy and data protection, cyber infrastructure, technical solutions, risk management, information assurance, security standards, liability, consumer protection, ransomware and other cyber threats, cyber insurance...
