Cyber Security Practitioner

Volume: 3 Issue: 9
(September 2017)


US-based consumer credit reporting agency Equifax made public on 7 September 2017 that it has suffered a large-scale cyber incident, which has resulted in the data of approximately 143 million Americans, and possibly UK and Canadian citizens, being compromised. Equifax is currently investigating the breach and reported on its website that it believes the unauthorised access to its data occurred from mid-May 2017 through to when Equifax discovered the breach on 29 July, and that “the company has found no evidence of unauthorized activity on Equifax’s core consumer or commercial credit reporting databases.” / read more


The major cyber security story this month is the Equifax breach, which has been described by a Democrat Senator in the United States as “one of the most egregious examples of corporate malfeasances since Enron.” This editorial is not about the Equifax case, but, rather, the Senator’s statement. / read more

On 8 August 2017 the UK Government published a consultation on the implementation of the Network and Information Systems (‘NIS’) Directive into UK law. The NIS Directive does not apply to communications providers (‘CPs’), to the extent that CPs do not provide digital services; however with CPs having security obligations under the Communications Act 2003, Ofcom has over the summer launched a consultation on its plans to update its guidance on the security requirements in the Communications Act. Emma Wright and Chris Benn of Kemp Little LLP review both consultations and ask to what extent these changes are necessary. / read more

On 11 July 2017, the Cyberspace Administration of China (‘CAC’) released a draft Regulation on Security Protection for Critical Information Infrastructure (the ‘CII Regulation’), which aims to provide elaborated rules on the protection of China’s critical information infrastructure (‘CII’). The CII Regulation, if adopted in its current form, would significantly affect the companies which operate CII or conduct business with a CII provider. Xun Yang, Of Counsel at Simmons & Simmons, dissects the CII Regulation and assesses the new responsibilities for cyber security that may be placed on individuals and companies associated with CII. / read more

Data sovereignty is causing issues for multinational businesses involved in data transfer across nation states such as the United States, Russia and China. Unique regulations provide for a varied degree of ownership of information within national borders. Dan Hyde, Partner at Penningtons Manches LLP, assesses these differing approaches to data sovereignty, and explores how nationality and state culture are becoming a growing issue for cyber security. / read more

Cyber security presents an interesting conundrum for charities. While the world has its share of large, commercially sophisticated charities, many still operate with limited finances and a voluntary workforce. In this environment spending time and money on cyber security may seem a luxury many cannot afford. However, given that charities often hold highly sensitive information, deliver critical services and rely heavily on public trust, cyber security is a risk that can have catastrophic consequences and one that should not be ignored. Hans Allnutt and Joseph Fitzgerald, of DAC Beachcroft, assess The Department for Digital, Culture, Media and Sport’s (‘DCMS’) recently undertaken qualitative study, ‘Cyber security among charities: findings from qualitative research’(‘the DCMS Study’), to gain insight into how charities view cyber security, and in particular how their views differ from traditional business. / read more

Phil Cobley, Digital Forensics Technical Trainer at digital forensics company MSAB, takes a look at the ISO 27001 and 27002 standards, which help organisations in building a robust Information Security Management System. Phil breaks down the standards in terms of requirements, examines why they are useful, and argues why in order to ensure their acceptance and implementation, it is time to go back to basics on security. / read more

About Cyber Security Practitioner:

Cyber Security Practitioner, the most recently launched monthly publication from Cecile Park Media, provides a multi-disciplinary view on the cyber security challenges facing global businesses and delivers insight into operational change. It covers cyber security regulation, data breach, data security, cyber risk, cyber crime, ethical hacking, privacy and data protection, cyber infrastructure, technical solutions, risk management, information assurance, security standards, liability, consumer protection, ransomware and other cyber threats, cyber insurance... /read more

Search Publication Archives

Our publication archives contain all of our articles.
Can’t find what you are looking for?
Try an Advanced Search

Log in to cyber security practitioner
Subscribe to cyber security practitioner
Register for a Free Trial to cyber security practitioner
cyber security practitioner Pricing

Social Media

Follow cyber security practitioner on TwitterView cyber security practitioner LinkedIn Profilecyber security practitioner RSS Feed