Cyber Security Practitioner

Volume: 2 Issue: 6
(June 2016)


A new Cyber Security Framework for banks was announced by the Reserve Bank of India (‘RBI’) on 2 June 2016. The new policy, which requires mandatory implementation by 30 September 2016, includes the requirement to set up a Security Operations Centre to combat cyber threats and a Cyber Crisis Management Plan. The Framework also includes the requirement that banks identify their own level of cyber ‘riskiness.’ / read more

The Financial Times reported on 25 May 2016 that the Bank of England, GCHQ and the UK government are considering plans whereby bank customers may be barred from receiving compensation after suffering fraud, should the individual/company fail to deploy adequate online security. / read more

The U.S. Federal Financial Institutions Examination Council (‘FFIEC’) issued, on 7 June 2016, a statement advising financial institutions (‘FIs’) to actively manage the risks associated with interbank messaging and wholesale payment networks and review risk management practices and controls related to authentication, authorisation and access controls, fraud detection and incident response (‘Statement’). The Statement follows recent information released from SWIFT regarding fraudulent payment cases where affected customers suffered a breach in their local payment infrastructure. / read more

The European Union Agency for Network and Information Security (‘ENISA’) published on 16 May 2016 its Qualified Website Authentication Certificates Report (‘Report’), which contains recommendations for governments and business and aims to improve the EU website authentication market and increase transparency in the market through qualified website authentication certificates. / read more

The Infocomm Development Authority of Singapore, published a circular on 7 June 2016, detailing that internet access for public servants in the country would be removed by May 2017, due to cyber security concerns. Bryan Tan, Partner at Pinsent Masons, describes Singapore as one of the cyber security hotspots of the world and states that whilst the move would reduce and isolate the risk of hacking, implementing such restrictions would not remove the threat of cyber attacks. / read more

The U.S. Department of Homeland Security ('DHS') and the U.S. Department of Justice ('DOJ') released, on 15 June 2016, final guidelines in relation to the Cybersecurity Information Sharing Act 2015 ('CISA') ('the Final Guidelines'). On the same day, the Homeland Security Committee held a hearing to review CISA, during which a number of concerns regarding information sharing under CISA were raised ('the Hearing'). / read more

The European Commission ('the Commission') announced, on 5 July 2016, it had launched a new public-private partnership on cybersecurity in order to prevent and tackle cyber attacks and 'strengthen the competitiveness of [the] cybersecurity sector.' The investment in the partnership will be of €450 million from the EU and of three times more from the cybersecurity market players. / read more

The UK looks set to follow EU law in the area of cyber security closely despite the forthcoming Brexit, with the recent passing of the EU General Data Protection Regulation (‘GDPR’) - set to take effect on 25 May 2018 - and the EU Network and Information Security Directive (‘NIS Directive’), which was adopted on 6 July 2016 and which is set to be transposed into Member State law by May 2018. / read more


This will be my last editorial before the EU Referendum. I’ve already voted, but like everyone else, I haven’t got a clue what the outcome will be. However, I’m sure that regardless of the vote, there is no way that the UK can Brexit from the EU legal positions on cyber security and data privacy. / read more

SWIFT CEO Gottfried Leibbrandt has announced a number of measures that it is hoped will better safeguard financial transactions in the future, following the penetration of the SWIFT network that saw cyber criminals make off with substantial amounts of money, marking a new stage of sophistication in cyber attacks against financial institutions. David Ferbrache, Technical Director, Cybersecurity at KPMG, shares his opinion on the threat facing the global payments network, the present limitations and the weak links in international anti-money laundering regimes that enable criminals to cash-out their ill-gotten gains. / read more

On 17 July 2015, the Brazilian House of Representatives established a Congressional Investigating Panel (‘CPI’) with the purpose of investigating cyber crime and its adverse impact on Brazilian society and Brazil’s economy. The Report was approved and made public on 4 May 2016. Its conclusions and recommendations do not have binding effect, but they do provide insight into the tools that the Brazilian authorities and lawmakers may have to regulate and deal with cyber crime, and endorses and proposes several bills-of-law. / read more

As with other corporate crisis reporting, it is not necessarily the data breach that damages reputation but the way in which that breach is managed that can tarnish the reputation long after the facts of the story have been forgotten. Conversely, a well-managed response to a data breach can engender trust and enhance a business’ reputation. Magnus Boyd, Partner at Schillings LLP, examines the issues in play at each of the four stages of managing a data breach. / read more

In Hong Kong (‘HK’), financial regulators are trying to ensure that organisations are prepared for cyber threats and are accountable for their systems, as illustrated by recent actions by the Hong Kong Monetary Authority (‘HKMA’) and the Securities and Futures Commission (‘SFC’). Gabriela Kennedy, Karen H.F. Lee and Maggie S.Y. Lee of Mayer Brown JSM provide analysis of these initiatives and the impact on financial institutions operating in HK. / read more

On 15 November 2001, the French legislature adopted Law No. 2001-1062 ‘regarding security in daily life,’ which criminalised the refusal by ‘anyone’ to turn over a decryption key to the Public Prosecutor during an investigation, or to an investigating magistrate during a judicial inquiry. The law was passed in order to facilitate decryption following the 11 September 2001 attacks in the United States; the law is consistent with the recommendations from the Council of Europe in 1995, which aimed to minimise cryptology’s potential negative effects on criminal investigations1. / read more

Following the Ashley Madison hack of the summer of 2015, legal action in the US has commenced against the website’s parent company Avid Life Media Inc. (‘ALM’), with ALM accused of failing to protect user information adequately. A curveball was thrown in the way of such lawsuits however in the shape of a recent Missouri court decision in which the Judge ruled that participants in a class action suit against ALM cannot proceed in the action anonymously. In the UK, Ashley Madison has a significant number of users, who may wish to take similar legal action. In this article, Bryony Hurst of Bird & Bird considers the potential for those affected to take such action while retaining their anonymity. / read more

About Cyber Security Practitioner:

Cyber Security Practitioner, the most recently launched monthly publication from Cecile Park Media, provides a multi-disciplinary view on the cyber security challenges facing global businesses and delivers insight into operational change. It covers cyber security regulation, data breach, data security, cyber risk, cyber crime, ethical hacking, privacy and data protection, cyber infrastructure, technical solutions, risk management, information assurance, security standards, liability, consumer protection, ransomware and other cyber threats, cyber insurance... /read more

Search Publication Archives

Our publication archives contain all of our articles.
Can’t find what you are looking for?
Try an Advanced Search

Log in to cyber security practitioner
Subscribe to cyber security practitioner
Register for a Free Trial to cyber security practitioner
cyber security practitioner Pricing

Social Media

Follow cyber security practitioner on TwitterView cyber security practitioner LinkedIn Profilecyber security practitioner RSS Feed