News

Regulatory compliance and standard requirements

• August 20, 2011 20 Aug'11

  ICO approves policy changes after Google Street View privacy issues

  The ICO has approved updates to Google's Street View policies following a data compromise last year, but asserts there's room for improvement.

• August 11, 2011 11 Aug'11

  Gartner: Corporate privacy policy requirements demand urgent review

  The research firm says corporate privacy policy requirements are outdated, due to new technology and legislation, and should be revisited now.

• July 15, 2011 15 Jul'11

  Concern follows police convictions for Data Protection Act violations

  A Freedom of Information request reveals that 243 police officers were convicted of Data Protection Act violations in the last three years.

• July 07, 2011 07 Jul'11

  Many private firms decline ICO audit, finds 2011 ICO annual report

  The 2011 ICO annual report shows that of the private companies offered an ICO audit last year, only 19% accepted.

• June 30, 2011 30 Jun'11

  DPA compliance: Tracking changes to Data Protection Act guidelines

  Can organisations expect a more prescriptive Data Protection Act in the future? UK Bureau Chief Ron Condon examines the law's prospects.

• June 17, 2011 17 Jun'11

  Demystifying IT Rules 2011: What it means for you

  The first of a two-part series on the IT Rules 2011 notification under IT Act 2000, looking into its stipulations and their implications for businesses.

• June 14, 2011 14 Jun'11

  PCI virtualisation: With new guidelines, compliance may be harder

  New guidelines on virtualisation issued by the PCI SSC show PCI compliance is possible within a virtualised environment, but may not be feasible.

• May 19, 2011 19 May'11

  European Commission Digital Agenda seeks input on EU cloud computing

  The European Commission's Digital Agenda is inviting organisations to complete an online cloud questionnaire as it considers creating cloud standards.

• May 13, 2011 13 May'11

  Industry experts: ICO guidelines on cookies get cautious welcome

  New ICO guidelines give leeway for a more nuanced approach to compliance, but some say more clarity is needed.

• May 10, 2011 10 May'11

  New ICO guidance issued on EU cookie law

  The Information Commissioner's Office has released practical guidance for companies to comply with the new EU cookie law.

• April 21, 2011 21 Apr'11

  PECR amendments feature tighter rules on cookies, security risk

  Beginning May 25, organisations will have to request permission from website visitors before planting cookies on their machines.

• March 29, 2011 29 Mar'11

  Open Group launches guide to boost ISO 27005 efforts

  A new guide from the Open Group is designed to help organisations meet ISO 27005 standards, but some risk management professionals feel it may not be so effective.

• March 22, 2011 22 Mar'11

  UK PCI compliance slow, but card fraud trends downward

  Compliance with PCI DSS is still slow in the UK, but card fraud continues to fall, perhaps in part due to measures mandated or encouraged by the standard.

• March 18, 2011 18 Mar'11

  ISSA standard aims to improve small business IT security

  ISSA is crafting a small-business standard to improve information security, but one group questions whether a single standard for all small companies makes sense.

• February 07, 2011 07 Feb'11

  PCI SSC: Europeans sought to shape credit card security policy

  Nominations recently opened for organisations to join the PCI SSC's advisory board, and PCI European Director Jeremy King is keen to see more UK companies elected.

• February 02, 2011 02 Feb'11

  PCI PTS aims to stop retail IT security breaches, but progress is slow

  The new PCI PTS requirements are intended to help stores shore up insecure point-of-sale systems and other common retail IT security weaknesses.

• November 30, 2010 30 Nov'10

  PCI-DSS standard compliance becomes reality for Bank of India

  Financial player Bank of India claims to be the first Indian bank to achieve PCI-DSS standard certification for its debit card environment.

• November 30, 2010 30 Nov'10

  Think Money offers lessons in meeting financial compliance regulations

  Think Money Ltd, based in Salford Quays near Manchester, offers a range of financial services including insurance, mortgage advice and debt management. Founded in 1993, the company employs more than 800 employees and has been listed in the Sunday ...

• November 12, 2010 12 Nov'10

  Report: Security awareness policy still hazy at most organisations

  While most users believe that their organisations have clear security policies, a recent study also finds that few are actually formally trained and many make security decisions without guidance from management.

• November 04, 2010 04 Nov'10

  IT Act 2008: DSCI recommends rules

  We list few key suggestions made by the data security council of India (DSCI) to the Government of India (GoI) for drafting rules under the IT Act 2008.

• November 01, 2010 01 Nov'10

  PCI DSS 2.0 brings clarity and guidance for merchants

  With the debut of PCI DSS 2.0, the PCI SSC focuses on guidance for risk-based compliance, and addresses issues such as virtualisation and cloud security. Conspicuously absent, however, is guidance on tokenisation.

• October 25, 2010 25 Oct'10

  Organisations unaware of Good Practice Guide 13 monitoring guidelines

  A recent survey reveals that only 38% of public-sector organisations are aware that CESG's Good Practice Guide 13 exists. Ron Condon reports.

• September 20, 2010 20 Sep'10

  PCI DSS: UK companies can help shape the standard, says EU director

  Jeremy King, recently appointed European director for PCI DSS, said UK and European companies can have greater influence on the future of the credit card security standard, and offered an early assessment of PCI DSS 2.0.

• August 27, 2010 27 Aug'10

  Zurich Insurance breach payment: Data breach fine highest on record

  This week, The Information Commissioner's Office handed down the highest data breach fine on record in the UK, charging Zurich Insurance over £2 million.

• August 19, 2010 19 Aug'10

  KYC requirements and the emerging need for centralized bureaus

  Establishing centralized know your customer (KYC) bureaus will make life easier for everybody, and streamline verification of KYC requirements.

• August 02, 2010 02 Aug'10

  Mobile digital pad/pen helps secure patient data collection

  The midwives of Portsmouth Hospitals NHS Trust have recently transitioned to a mobile digital pad/pen system of data entry that cuts time and helps secure patient data.

• July 12, 2010 12 Jul'10

  Ministry of Justice asks for input on UK privacy laws

  In a recent statement, the European Commission has labelled UK privacy laws too lenient to meet the strictures of the EU data protection directive. The Ministry of Justice (UK) has opened a call for evidence to get public opinion on the matter.

• July 12, 2010 12 Jul'10

  IT Amendment Act 2008 compliance guidelines for India.org

  Here are some practical guidelines for organizations that are looking to comply with IT Amendment Act 2008.

• July 09, 2010 09 Jul'10

  Exclusive PCI DSS news: EU regional director rallies UK merchants

  The PCI Security Standards Council has appointed Jeremy King the European regional director to focus its efforts in the EU and help merchants meet the approaching PCI DSS deadline.

• June 21, 2010 21 Jun'10

  PCI call centre: Understanding PCI DSS call recording requirements

  New guidance has recently been released to help companies struggling with PCI call centre compliance understand the mandates. The guidelines, coupled with emerging call centre security technologies, could greatly aid companies' compliance efforts.

• June 15, 2010 15 Jun'10

  IPR protection : Six crucial steps to safeguard your organization

  An effective IPR protection method includes identifying the data, authorization, authenticity, integrity, encryption and disposal. We present some insights.

• June 14, 2010 14 Jun'10

  PCI-compliant POS: Retail chain nears PCI compliance in the UK

  While many UK companies are still struggling to become PCI compliant, one retail store has found success with tokenisation and PCI-compliant POS terminals.

• June 03, 2010 03 Jun'10

  SSC announces PCI-certified internal auditor course for PCI assessment

  Beginning in Oct. in Europe, courses will launch to certify enterprise employees as Internal Security Assessors (ISAs), who can work in concert with external QSAs to produce more uniform PCI assessments.

• June 02, 2010 02 Jun'10

  Varied PCI QSA assessment quality causes PCI compliance issues

  At a recent PCI DSS user group meeting, members said inconsistent assessments from poorly trained QSAs are resulting in numerous PCI compliance challenges.

• April 21, 2010 21 Apr'10

  Survey: Compliance efforts drive security, but may not produce results

  According to a TechTarget survey, compliance efforts may not yet be producing more secure enterprise organisations. Industry experts offer some ways to improve compliance efforts, which include getting back to basics and educating employees.

• April 19, 2010 19 Apr'10

  Disk forensic capabilities at Syntel get inhouse edge

  Indian IT-KPO player acquires capabilities for incident handling and compliance management with disk forensic skillsets.

• April 05, 2010 05 Apr'10

  Data protection act fines: Deadline looms, data security breaches mount

  The Information Commissioner's Office (ICO) now has the power to grant Data Protection Act (DPA) fines to organisations that experience data security breaches. But that doesn't seem to be spurring any mass data protection efforts.

• March 22, 2010 22 Mar'10

  Two-factor authentication helps charity comply with PCI DSS

  Two-factor authentication is a must for any company that needs to comply with the Payment Card Industry Data Security Standard. Find out how one company implemented token-based authentication and how it overcame any rollout issues.

• March 15, 2010 15 Mar'10

  How Procter & Gamble adopted ITIL to ease IT infrastructure outsourcing, multisourcing

  The Procter & Gamble Company has conducted several rounds of outsourcing and attributes the contracts' sucess to the aplpication of ITIL.

• March 08, 2010 08 Mar'10

  PCI DSS requirements still baffling as compliance deadline approaches

  PCI DSS requirements can present a serious challenge for some merchants as the September 2010 compliance deadline approaches. A new survey shows that many Level-3 and Level-4 merchants are having trouble understanding the PCI DSS requirements.

• February 19, 2010 19 Feb'10

  Stumped by ITIL? BMC says go fly a plane

  Want to get better at ITIL? Pretending to run an airport may get you to your destination on time.

• February 05, 2010 05 Feb'10

  How to use ITIL v3 service transition lifecycle to bring IT services into production

  Learn how the ITIL v3 service transition lifecycle can help you bring new applications to production status, then make it easier to introduce new service releases or upgrades.

• February 01, 2010 01 Feb'10

  PCI DSS requirements: Get ready for stricter enforcement, fines

  Companies that are not taking the PCI DSS requirements seriously take note: Credit card companies are cracking down on non-compliant retailers. At a recent PCI DSS user group, retailers were informed that they may soon face consequences for ...

• January 18, 2010 18 Jan'10

  Data Protection Act breach could cost companies 500,000 pounds

  The Information Commission's Office recently announced new penalties for Data Protection Act breaches. Find out when the new penalties will come into play and what the penalties will now entail.

• January 08, 2010 08 Jan'10

  IT (Amendment) Act, 2008 has information security market on toes

  Section 43 (A) of the IT (Amendment) Act, 2008, will see a host of changes in Indian infosec strategies. Vendors hope to leverage these opportunities.

• December 18, 2009 18 Dec'09

  How to create an IT service catalog

  An IT service catalog is a menu of services offered by an IT organization. Get the FAQs on how to implement an IT service catalog and automate the service request process.

• December 14, 2009 14 Dec'09

  ICO issues draft guidelines for personal information online

  As more companies gather personal information online as part of their every day work, the Information Commissioner's Office has created guidelines to help organizations protect their sensitive data.

• November 23, 2009 23 Nov'09

  CISO reporting to board of directors: Myth or for real?

  There's much talk about how the Indian chief information security officer (CISO) now reports to board of directors. Has the Indian CISO's role changed?

• November 06, 2009 06 Nov'09

  PCI DSS standards, call centre compliance a challenge for UK organisations

  Confusion over the future direction of the Payment Card Industry Data Security Standard (PCI DSS) has caused some U.K. organisations to shelve their efforts while they seek clarification.

• November 04, 2009 04 Nov'09

  DSCI framework to strengthen data protection regime in India

  We take a detailed look at the Data Security Council of India (DSCI) framework for data security and privacy in Indian enterprises and BPOs.

• October 29, 2009 29 Oct'09

  IT (Amendment) Act 2008 and its effect on the Indian enterprise

  Understand the Information Technology (Amendment) Act 2008's pros and cons, as well as its impact on the Indian enterprise.

• October 15, 2009 15 Oct'09

  Compliance handbook author expects rise in security regulations

  The sheer volume of legislation and regulation can be mind-numbing, but a new book aims to pull together all of the relevant regulations and assist companies in their compliance efforts. Also: a discount for SearchSecurity.com readers.

• September 23, 2009 23 Sep'09

  The AML route for business protection at Kotak Mahindra Bank

  Kotak Mahindra Bank set up an anti-money laundering technology platform for business compliance to monitor suspicious money transactions and avoid operational risk.

• September 22, 2009 22 Sep'09

  New products aim to streamline compliance efforts

  Having trouble keeping up with SOX, Basel II and PCI? Two companies are promising to help organizations gain control of their multiple compliance responsibilities.

• September 04, 2009 04 Sep'09

  PCI DSS requirements and compliance straining UK retail, finance firms

  One theme was apparent at the most recent meeting of the PCI DSS User Group: the difficulty of being compliant with every piece of the standard.

• July 22, 2009 22 Jul'09

  FSA delivers largest data loss fine yet

  The Financial Services Authority has fined Europe's largest bank for its handling of customer details.

• July 14, 2009 14 Jul'09

  ITSM 101: Change management processes

  Discover the benefits of adopting ITSM's change management processes and learn about the hiccups that often arise along the way.

• July 01, 2009 01 Jul'09

  USB drive security project: In search of secure USB drive, CoCO compliance

  Caerphilly Council, concerned about USB drive security, describes its search and implementation of a USB drive security product from Safend, which also made Code of Connection (CoCo) compliance easier.

• June 24, 2009 24 Jun'09

  Cybercrime attacks, IT outsourcing, mobile malware top ISF threat list

  Crimeware, cloud computing and an erosion of network boundaries are just a few of the security threats that corporate members of the Information Security Forum fear the most.

• May 29, 2009 29 May'09

  New certification will enable ITIL-ready products

  The body behind ITIL has launched a certification program for IT service management software.

• May 26, 2009 26 May'09

  Council boosts compliance efforts with system log management app

  To address compliance with CoCo, PCI and ISO 27002, a security officer at Surrey Heath Borough Council recently tried a network log management application.

• May 14, 2009 14 May'09

  NHS imposes USB stick security

  In response to embarrassing losses of USB memory devices, the National Health Service has mandated an encryption tool that will also withstand the rigours of medical work.

• May 12, 2009 12 May'09

  IAS 6 aims to lock down data from government departments, suppliers

  Government departments are under pressure to prove by mid-June that they -- and their suppliers -- have the right processes in place to manage personal and sensitive data.

• May 04, 2009 04 May'09

  Infosecurity Europe bucks economic recession, as does cybercrime

  If the Infosecurity Europe show is a barometer of economic health, then it looks as if the security industry is in good shape. Cybercriminals, however, are looking strong, too.

• March 25, 2009 25 Mar'09

  Firm Basel II risk management requirements needed now more than ever

  Basel II experts say that stricter risk management rules and regulations for banks are just around the corner.

• March 13, 2009 13 Mar'09

  5 reasons to start using ITIL and ITSM

  The IT Service Management (ITSM) and ITIL frameworks are powerful ways to improve the efficiency of your IT operations. Here are five ways to get the most from these governance tools.

• March 04, 2009 04 Mar'09

  U.K. government data handling practices stir privacy fears

  Researcher Tom Ilube says that a failure to implement controls has put the accuracy and integrity of U.K. government databases into question.

• February 12, 2009 12 Feb'09

  FAST Compliance Manager tool helps control software licensing

  The FAST Compliance Manager has been launched to help organisations stop paying for software they don't use, and to stop using software they haven't paid for.

• January 30, 2009 30 Jan'09

  Government departments breach Data Protection Act principles

  Recent research uncovers a lack of basic privacy controls in the public sector.

• January 19, 2009 19 Jan'09

  Back to security basics, say Infosecurity Europe exhibitors

  The attendees of Infosecurity Europe 2009 can expect to hear one particular message from vendors and exhibitors: get back to basics.

• January 13, 2009 13 Jan'09

  Security tips for surviving the credit crunch

  When budgets get tight, security experts will need to have smarter, more efficient ways of maintaining defences.

• December 05, 2008 05 Dec'08

  Privacy, data protection must be built into system design, says ICO

  Having raised national awareness of the problem of data breaches, the Information Commissioner's Office is raising the stakes with its new report, "Privacy by Design."

• October 30, 2008 30 Oct'08

  Information Commissioner turns up the heat on data breach culprits

  Richard Thomas, the Information Commissioner, spoke at the RSA conference in London to repeat his call for more powers and resources to address data breaches and poor security practices.

• October 15, 2008 15 Oct'08

  Email confusion could look bad in court

  Despite discovery laws, many businesses are still unable to dig up email messages sent three years ago.

• August 15, 2008 15 Aug'08

  Firms aim to achieve PCI DSS compliance deadline, despite the cost

  U.K. businesses are preparing for a worsening economy, but are still working to implement and enforce PCI DSS compliance standards despite the cost and expenses the guidelines introduce.

• August 11, 2008 11 Aug'08

  Slow take-up of PCI shows lack of compliance with Data Protection Act

  Experts discuss companies disregard to get compliant with the Data Protection Act and the Payment Card Industry Data Security Standard (PCI DSS), proving there is a lack of enforcement and penalties, which would lead to a security breach, credit ...

• August 06, 2008 06 Aug'08

  Software licensing presents issues, challenges for enterprises

  Experts say better software licensing controls can help enterprises spend funds more efficiently and avoid issues and challenges for enterprises. One company shares how it did just that.

• July 29, 2008 29 Jul'08

  ArcSight to take on UK compliance

  ArcSight Inc. has appointed its first UK distributor to meet growing compliance needs of small and medium-sized companies.

• July 23, 2008 23 Jul'08

  Data loss at the MoD and NHS shows need for stricter security policies

  Recent revelations over data losses at the Ministry of Defence (MoD) and at the National Health Service (NHS) have made both organisations a laughing stock, but we should all think twice before laughing too loudly, says UK Bureau Chief Ron Condon.

• June 24, 2008 24 Jun'08

  Security breaches and dual standards

  Private industry acts while public sector hides behind a cloak of secrecy.

• June 13, 2008 13 Jun'08

  Data breach notification laws coming soon -- but not soon enough

  Having his own credit card details recently compromised, possibly by the data breach at online clothing store Cotton Traders, bureau chief Ron Condon speculates on Cotton Traders' less-than-forthcoming response to the breach in terms of the state of...

• June 03, 2008 03 Jun'08

  Tarnishing 'good names': How to stop a losing battle with identity thieves

  Jay Heiser explains how security professionals can step up their game and improve upon today's weak identity theft prevention methods.

• May 30, 2008 30 May'08

  Security strategy research seeks to plug weaknesses

  The Security Research Initiative will develop a template to reduce security gaps and improve security management.

• May 29, 2008 29 May'08

  ITIL drives merger of help desk and asset management tools

  ITIL's drive for a wholistic view of IT incidents is changing the products CIOs use to manage their infrastructure.

• May 27, 2008 27 May'08

  What the new powers of the Information Commissioner mean to you

  Big fines will put teeth into the law by the end of the year.

• May 23, 2008 23 May'08

  Focus your SOA architects on business, communication

  Planning an SOA project? Direct your architects to focus on certain outcomes if you want to succeed.

• May 19, 2008 19 May'08

  Fraudulent credit card use proves why we need disclosure laws

  After being a victim of fraudulent credit card use and bank transactions, Ron Condon says the U.K. needs a mandatory data breach disclosure law to keep victims informed and protected.

• April 28, 2008 28 Apr'08

  Data leakage, poor code are concerns at Infosecurity

  Insider threats, data privacy top the themes that emerged from the year's big show.

• April 08, 2008 08 Apr'08

  HSBC's customer data loss opens door for social engineering attacks

  Yet another unencrypted CD goes missing, this time it's HSBC bank that has lost 370,000 customer records.

• April 03, 2008 03 Apr'08

  Users bypass security to get their jobs done

  Fear of data protection regulations creates barriers to work according to a survey by IT Governance

• March 06, 2008 06 Mar'08

  UK "a soft touch" for cyber criminals, says MP

  The UK is heading for trouble unless Government, companies and law enforcement shake up their ideas and take cybercrime seriously, according to experts at the e-Crime Congress.

• February 19, 2008 19 Feb'08

  UK security regulations need teeth

  The recent launch of a new forum dedicated to promoting security awareness in both business and industry raises once more the question: how effective can awareness campaigns ever be?

• February 07, 2008 07 Feb'08

  Market gets to grips with PCI, but pitfalls remain

  After several false starts, companies handling credit card data are learning to live with the payment card industry's tough new security standards.

• January 22, 2008 22 Jan'08

  Cancer Research catches up with compliance

  Charity organisation Cancer Research stays on top of PCI compliance while also working towards ISO 27001.

• January 21, 2008 21 Jan'08

  Breaching data protection policy is criminal, says Lord Errol

  A key player in shaping IT security policies, Lord Erroll speaks to SearchSecurity UK on his views of data privacy and the recent spate of high-profile data leaks.

• January 16, 2008 16 Jan'08

  Guarded welcome to proposed data leakage laws

  Proposals to make security breaches a criminal offence have received general approval from industry and legal circles. But experts agree implementation of new laws could be tricky.

• January 10, 2008 10 Jan'08

  Data Protection Act compliance moves up security agenda

  Companies ignoring Data Protection Act compliance will have to strengthen their security and auditing procedures after a recent spate of high-profile data breaches. New push for data privacy involves Sarbanes-Oxley Act and PCI DSS.

• January 10, 2008 10 Jan'08

  Chinese whispers: the year of the rat

  Warnings from MI5 of ongoing Internet-based attacks from Chinese state organisations come as the Government is tightening the belt on the investigation of cyber crime.

• January 10, 2008 10 Jan'08

  CISSP cert can boost your security career, but not your salary

  UK firms looking to hire security professionals are using the CISSP certificate to filter CVs, but recruitment companies say eventhough it might enchance your career through credibility or it no longer translates into a higher salary.

• January 10, 2008 10 Jan'08

  Information security salary survey 2008

  With pay rises on the way, good times are set to continue for IT security professionals, despite uncertainties.