Cyber Security Practitioner

Volume: 2 Issue: 3
(March 2016)


News

The UK Information Commissioner’s Office (‘ICO’) published on 3 March its guidelines on encryption, which confirm the ICO’s stance on encryption and provide practical advice inter alia on different types of encryption and when it can be used by organisations.

The US Consumer Financial Protection Bureau (‘CFPB’) issued a Consent Order against online payment platform Dwolla on 2 March, for deceiving customers about its data security practices and the safety of its online payment system. The CFPB’s enforcement action requires Dwolla to pay $100,000, stop misrepresenting its data security practices, train employees properly and fix security flaws.

The European Union Agency for Network and Information Security (‘ENISA’) published on 8 March a report that analyses the security challenges in relation to Big Data (‘the Report’). In particular, the Report notes as key challenges for organisations access control and authentication, secure data management, and source validation and filtering.


Features

Are you sensing the shift in perceptions and expectations around the disclosure of security breaches? Of course, there is legislative change happening in Europe, represented by the mandatory disclosure rules contained within the General Data Protection Regulation and the Network and Information Security Directive and in new EU Member State legislation, such as in the Netherlands, but the most impactful changes are occurring in the minds of business leaders and the general public.

Every company must be prepared to investigate and remediate security incidents effectively, including with respect to managing the legal risks that may arise from such incidents. David Fagan, Ashden Fein, and David Bender of Covington & Burling detail ten recommended actions for companies conducting cyber security investigations to ensure that an investigation is carried out effectively, as well as how to remain compliant with evolving legal standards and preserve applicable privileges in the event of a regulatory inquiry or litigation.

Singapore’s advanced economic and technological development ironically makes it an attractive target for cyber attack. The Government has recognised this vulnerability by responding with a comprehensive set of legislative and technological measures and international agreements that arguably place Singapore in the vanguard of international best practice. However, this comes at the expense of a lack of protection for individuals’ rights and the potential for increased compliance costs, as Rob Bratby of Olswang Asia LLP and Eric Lai of Holborn Law LLC explain.

On 2 December 2015, following a terrorist attack in San Bernardino, California, two of the suspected terrorists, Syed Rizwan Farook and his wife Tashfeen Malik, were killed by US authorities. In the days that followed, the FBI recovered an iPhone that had been used by Farook prior to the shootings. Farook and his wife had taken great pains to hide or destroy evidence that could be used by the authorities in follow-up investigations, including the destruction of two mobile phones and a computer hard drive. This made the iPhone in question valuable and one of the few pieces of evidence available for investigators to pursue. Unfortunately for the investigators, the terrorists had utilised one of the iPhone’s security features that required a password to be entered prior to the phone being turned on and used. This security feature is one that most cyber security professionals recommend users enable to safeguard the privacy of their data should the phone be lost or stolen. Once enabled, unless the correct numerical code is entered, the phone will not ‘open,’ thereby rendering it inoperable for anyone who attempts to use the phone. A further, and more advanced, security feature in the phone permits the owner to select an option that orders the phone to delete all data should 10 incorrect password attempts be entered.

Cyber attacks on the legal sector are on the rise, as are client demands for resilience in the sector. Thanks to the nature of the privileged information they hold, legal practices and institutions have become a key target for threat actors looking to steal valuable information. The sector also has a number of challenges ranging from typical partner ownership models - which don’t incentivise investment in non-revenue generating functions - through to an industry that has historically been implicitly trusted and thus has not had to contend with anything of the scale of cyber security that could undermine this trust. Haroon Malik, Managing Security Consultant at NCC Group, discusses the cyber security challenge faced by the legal industry and provides a number of case studies on recent cyber attacks that specifically targeted law firms.

There are many reasons why insiders may consider carrying out the theft or illicit disclosure of sensitive information. The most frequent reason is financial gain by disclosure of data to a third party. Another reason may be a ‘scorched earth’ tactic carried out by a disgruntled or terminated employee. Even accidental disclosure by a careless team member can have an identical impact to malicious disclosure.

Following the invalidation of the EU-US Safe Harbor decision by the European Court of Justice (‘ECJ’) in October last year, Safe Harbor’s replacement - the EU-US Privacy Shield - has been put forward, with legal texts relating to the Privacy Shield published on 29 February. Liz Fitzsimons and Toke Myers of Eversheds analyse the Privacy Shield in the context of cyber security threats and requirements.


About Cyber Security Practitioner:

Cyber Security Practitioner, the most recently launched monthly publication from Cecile Park Media, provides a multi-disciplinary view on the cyber security challenges facing global businesses and delivers insight into operational change. It covers cyber security regulation, data breach, data security, cyber risk, cyber crime, ethical hacking, privacy and data protection, cyber infrastructure, technical solutions, risk management, information assurance, security standards, liability, consumer protection, ransomware and other cyber threats, cyber insurance...
