Opinion

Opinion

Privacy and data protection

• Security Think Tank: The operational approach to integrated risk management

  How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision-making?  Continue Reading

• Security Think Tank: Get basic security policy right, and the rest will follow

  Paying attention to basic aspects of cyber security such as policy and permission will give you a sold base to build from  Continue Reading

• Security Think Tank: Risk is unavoidable in digital transformation

  How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision-making?  Continue Reading

• Regulators globally are shaping up to rein in Facebook

  We need to move fast and fix Facebook, before it breaks us  Continue Reading

• Security Think Tank: The case for blockchain-based identity

  What are the best and most effective ways information security professionals can use blockchain technology?  Continue Reading

• Security Think Tank: Too soon to dismiss blockchain in cyber security

  What are the best and most effective ways information security professionals can use blockchain technology?  Continue Reading

• Security Think Tank: Use blockchain for integrity and immutability checks

  What are the best and most effective ways information security professionals can use blockchain technology?  Continue Reading

• Security Think Tank: Blockchain is not for everyone, so look carefully before you leap

  What are the best and most effective ways information security professionals can use blockchain technology?  Continue Reading

• Security Think Tank: Blockchain utility depends on business type and cost

  What are the best and most effective ways information security professionals can use blockchain technology?  Continue Reading

• Security Think Tank: Risk mitigation is key to blockchain becoming mainstream

  What are the best and most effective ways information security professionals can use blockchain technology?  Continue Reading

• Security Think Tank: Data architects should be key allies of infosec pros

  How can infosec pros and data architects work together to support business goals and achieve a good level of cyber security?  Continue Reading

• Security Think Tank: Balancing data accessibility with security controls

  How can infosec pros and data architects work together to support business goals and achieve a good level of cyber security?  Continue Reading

• Security Think Tank: Security is a business, not an IT function

  How can infosec pros and data architects work together to support business goals and achieve a good level of cyber security?  Continue Reading

• Security Think Tank: Dialogue between data architects and security leads is essential

  How can infosec pros and data architects work together to support business goals and achieve a good level of cyber security?  Continue Reading

• Security Think Tank: Close interdisciplinary ties are key to security integration

  How can infosec professionals and data architects work together to support business goals and achieve a good level of cyber security?  Continue Reading

• Security Think Tank: CIA at heart of infosec-data architect partnership

  How can infosec professionals and data architects work together to support business goals and achieve a good level of cyber security?  Continue Reading

• Would you trust a criminal with your cyber security?

  Several industry sectors have set a good example by hiring ex-offenders, and the cyber security industry could benefit in similar ways by looking at members of the hacker community  Continue Reading

• Security Think Tank: Engage business to address commercial risk

  What strategies can infosec pros use to shift focus from GDPR fines to enabling business gains and success, changing the way data is used, and aligning data privacy with business purpose?  Continue Reading

• Security Think Tank: Translating GDPR compliance into business benefits

  What strategies can information security professionals use to shift focus from General Data Protection Regulation fines to enabling business gains and success, changing the way data is used, and aligning data privacy with business purpose?  Continue Reading

• Security Think Tank: Aligning data privacy with business objectives

  What strategies can infosec pros use to shift focus from GDPR fines to enabling business gains and success, changing the way data is used, and aligning data privacy with business purpose?  Continue Reading

• Security Think Tank: Don’t dismiss the business benefits of GDPR

  What strategies can infosec pros use to shift focus from GDPR fines to enabling business gains and success, changing the way data is used, and aligning data privacy with business purpose?  Continue Reading

• Security Think Tank: Align compliance objectives with business goals

  What strategies can information security professionals use to shift focus from GDPR fines to enabling business gains and success, changing the way data is used, and aligning data privacy with business purpose?  Continue Reading

• Security Think Tank: Changing the GDPR focus to business benefit

  What strategies can information security professionals use to shift focus from General Data Protection Regulation fines to enabling business gains and success, changing the way data is used, and aligning data privacy with business purpose?  Continue Reading

• Security Think Tank: Benefits of GDPR compliance

  What strategies can information security professionals use to shift focus from General Data Protection Regulation fines to enabling business gains and success, changing the way data is used, and aligning data privacy with business purpose?  Continue Reading

• Security Think Tank: Embrace data protection as a necessary business process

  What strategies can information security professionals use to shift focus from GDPR fines to enabling business gains and success, changing the way data is used, and aligning data privacy with business purpose?  Continue Reading

• Security Think Tank: Business needs to see infosec pros as trusted advisers

  How can security professionals communicate effectively with the board and senior business leaders – what works and what doesn’t?  Continue Reading

• Security Think Tank: Security risk ratings key to security/business understanding

  How can security professionals communicate effectively with the board and senior business leaders – what works and what doesn’t?  Continue Reading

• Security Think Tank: Focus on business impact and likelihood of cyber attacks

  How can cyber security professionals communicate effectively with the board and senior business leaders – what works and what doesn’t?  Continue Reading

• Security Think Tank: Frame cyber security impacts in business contexts

  How can security professionals communicate effectively with the board and senior business leaders – what works and what doesn’t?  Continue Reading

• Security Think Tank: Infosec letter to the board

  How can security professionals communicate effectively with the board and senior business leaders – what works and what doesn’t?  Continue Reading

• Is GDPR worth the cost?

  Regulations have costs, which are meant to be recouped by the expected benefits. But who decides whether this is a good deal? Ultimately, it’s you  Continue Reading

• Are there any positives from the first year of GDPR?

  A year has passed since the new EU data protection law came into force. What have we learned in that time that can help organisations deliver benefits from the regulation?  Continue Reading

• Security Think Tank: How to realise the benefits of security zoning

  What are the security benefits and challenges of segregating IT environments, and how best are these challenges overcome?  Continue Reading

• Security Think Tank: Benefits and challenges of security segmentation

  What are the security benefits and challenges of segregating IT environments, and how best are these challenges overcome?  Continue Reading

• Security Think Tank: Cyber attack survival not a matter of luck

  How should businesses plan to survive a potential cyber attack extinction event?  Continue Reading

• Security Think Tank: Aim for integrated resilience, continuity and recovery

  How should businesses plan to survive a potential cyber attack extinction event?  Continue Reading

• Security Think Tank: Incident response vital to guard against catastrophic cyber attack

  How should businesses plan to survive a potential cyber attack extinction event?  Continue Reading

• Why cyber security needs to be prioritised at board level

  Despite the rising number of headline-grabbing security breaches, many company executives are still not prioritising cyber security in the boardroom  Continue Reading

• Mind the Brexit gap in cyber security

  Leaving the EU could mean a new cyber security regime for the UK – firms need to understand how the changes might affect them  Continue Reading

• Growing board focus on cyber risk challenges current thinking

  As digital transformation continues to drive change in the business and risk landscape, business and cyber security leaders need to improve discussions around this topic  Continue Reading

• Security Think Tank: Map your own important risk metrics

  What should be the key cyber security risk indicator for any business?  Continue Reading

• Security Think Tank: Financial loss as a key security risk indicator

  What should be the key cyber security risk indicator for any business?  Continue Reading

• Security Think Tank: No one key risk indicator is generic across all businesses

  What should be the key cyber security risk indicator for any business?  Continue Reading

• Security Think Tank: Key considerations for determining cyber risk

  What should be the key cyber security risk indicator for any business?  Continue Reading

• Security Think Tank: Five elements of a key cyber risk indicator

  What should be the key cyber security risk indicator for any business?  Continue Reading

• Security Think Tank: Aim for business intelligence-driven system of risk indicators

  What should be the key cyber security risk indicator for any business?  Continue Reading

• Security Think Tank: Invest in proactive approach to security and digital risk

  What should be the key cyber security risk indicator for any business?  Continue Reading

• Security Think Tank: Cyber metrics need to be meaningful

  What should be the key cyber security risk indicator for any business?  Continue Reading

• Wearable technology in the workplace and data protection law

  Wearable technology is slowly creeping into the workplace to monitor staff performance and health, but do employers understand the legal implications? We assess the data protection implications  Continue Reading

• Breaking the chains: How FUD is holding the cyber sector hostage

  The cyber security industry must move past fear tactics and get back to the basics of good cyber security practice  Continue Reading

• Security Think Tank: UTM a key part of a well-rounded security strategy

  How can organisations best use unified threat management tools to help stem the tide of data breaches?  Continue Reading

• Security Think Tank: No tech will ever counter-balance poorly implemented processes

  How can organisations best use unified threat management tools to help stem the tide of data breaches?  Continue Reading

• Security Think Tank: Know strengths and weaknesses of UTM systems

  How can organisations best use unified threat management tools to help stem the tide of data breaches?  Continue Reading

• Security Think Tank: Approach UTM with caution

  How can organisations best use unified threat management tools to help stem the tide of data breaches?  Continue Reading

• Security Think Tank: Focus UTM capabilities on security and business needs

  How can organisations best use unified threat management tools to help stem the tide of data breaches?  Continue Reading

• Security Think Tank: Many routes to UTM to boost security capabilities

  How can organisations best use unified threat management tools to help stem the tide of data breaches?  Continue Reading

• Security Think Tank: Arguments for and against unified threat management

  How can organisations best use unified threat management tools to help stem the tide of data breaches?  Continue Reading

• Brexit and data protection: What’s next?

  PA Consulting assesses how a no-deal Brexit would affect the flow of data from the UK into and out of Europe  Continue Reading

• Security Think Tank: Cloud tech helps to protect advanced networks

  How can organisations combine software-defined networking, containerisation and encryption to prevent rogue code from running freely across a corporate network?  Continue Reading

• Facebook’s high-stakes privacy gamble goes to Dublin court

  A high-wire gamble with billions in compensation at stake for European internet users – part of a complex case between Facebook and the Irish information commissioner – hides challenge to the unlawfulness of US state internet surveillance  Continue Reading

• Security Think Tank: Walk before you run

  How can organisations combine software-defined networking, containerisation and encryption to prevent rogue code from running freely across a corporate network?  Continue Reading

• Security Think Tank: Apply different techniques to safeguard against rogue code

  How can organisations combine software-defined networking, containerisation and encryption to prevent rogue code from running freely across a corporate network?  Continue Reading

• Security Think Tank: Combine SDN, containerisation and encryption to halt rogue code

  How can organisations combine software-defined networking, containerisation and encryption to prevent rogue code from running freely across a corporate network?  Continue Reading

• Security Think Tank: Creative thinking key to meeting emerging security challenges

  How can organisations combine software-defined networking, containerisation and encryption to prevent rogue code from running freely across a corporate network?  Continue Reading

• eIDAS and the EU’s mission to create a truly portable identity

  It is important for businesses to work more actively with technology partners, regulators and governments to create more robust identity verification processes   Continue Reading

• Security Think Tank: Meeting the security challenge of multiple IT environments

  How can organisations combine software defined networking, containerisation and encryption to prevent rogue code from running freely across a corporate network?  Continue Reading

• Security Think Tank: Use SDN, containerisation and encryption tools to boost security

  How can organisations combine software defined networking, containerisation and encryption to prevent rogue code from running freely across a corporate network?  Continue Reading

• Can we live without passwords?

  Can you imagine a future in which we can be secure online without having to remember an unwieldly list of passwords? Solutions are emerging that could make passwords redundant, but there will be other security problems to resolve  Continue Reading

• Security Think Tank: Prioritise multifactor authentication in 2019

  At the close of 2018, we asked CW Security Think Tank contributors to name one thing predicted for 2018 that did not happen, one thing that was not predicted but did happen, and one thing that should happen in 2019 but probably will not  Continue Reading

• Security Think Tank: Prevention and detection key to disrupting malware comms

  As attackers begin to use multiple command and control systems to communicate with backdoors and other malware, how can organisations ensure that they detect such methods and that all C&C systems are removed, including “sleepers” designed to be ...  Continue Reading

• Security Think Tank: Severing C&C comms is key, but complex

  As attackers begin to use multiple command and control systems to communicate with backdoors and other malware, how can organisations ensure that they detect such methods and that all C&C systems are removed, including “sleepers” designed to be ...  Continue Reading

• Security Think Tank: How to tool up to catch evasive malware comms

  As attackers begin to use multiple command and control systems to communicate with backdoors and other malware, how can organisations ensure that they detect such methods and that all C&C systems are removed, including “sleepers” designed to be ...  Continue Reading

• Security Think Tank: Combine tech, process and people to block malware comms

  As attackers begin to use multiple command and control systems to communicate with backdoors and other malware, how can organisations ensure that they detect such methods and that all C&C systems are removed, including "sleepers" designed to be ...  Continue Reading

• GCHQ offers help to embryonic Irish cyber security organisation

  Ciaran Martin head of the UK's National Cyber Security Centre, part of GCHQ, builds bridges with the Republic of Ireland's intelligence community during an official visit to Dublin  Continue Reading

• Security Think Tank: Top considerations to reduce application layer attacks

  What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack?  Continue Reading

• Security Think Tank: Gap, risk and business impact analysis key to application security

  What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack?  Continue Reading

• Security Think Tank: Three ways to safeguard against application layer vulnerabilities

  What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack?  Continue Reading

• Security Think Tank: Defend application layer with good security hygiene

  What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack?  Continue Reading

• Security Think Tank: Counter application layer attacks with automation

  What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack?  Continue Reading

• Security Think Tank: Monitoring key to outcomes-based security

  What is the first step towards moving from a tick-box approach to security to one that is outcomes-based, and how can an organisation test if its security defences are delivering the desired outcome?  Continue Reading

• Customers need to be at the centre of GDPR plans

  Responding to a breach is not just about data, it is about taking care of, and protecting, customers  Continue Reading

• Security Think Tank: Enable outcomes-based security in software development

  What is the first step towards moving from a tick box approach to security to one that is outcomes based, and how can an organisation test if its security defences are delivering the desired outcome?  Continue Reading

• Security Think Tank: C-suite needs to drive outcomes-based security

  What is the first step towards moving from a tick-box approach to security to one that is outcomes-based and how can an organisation test whether its security defences are delivering the desired outcome?  Continue Reading

• Security Think Tank: Shift to outcomes-based security by focusing on business needs

  What is the first step towards moving from a tick-box approach to security to one that is outcomes-based and how can an organisation test whether its security defences are delivering the desired outcome?  Continue Reading

• Security Think Tank: Start outcomes-based security with asset identification

  What is the first step towards moving from a tick-box approach to security to one that is outcomes-based and how can an organisation test whether its security defences are delivering the desired outcome?  Continue Reading

• Security Think Tank: Security governance key to outcomes-based approach

  What is the first step towards moving from a tick-box approach to security to one that is outcomes based, and how can an organisation test if its security defences are delivering the desired outcome?  Continue Reading

• Why the government should rethink the UK’s surveillance laws

  The European Court of Human Rights has made clear that the Snoopers’ Charter is an unlawful violation of people’s rights and freedoms  Continue Reading

• Security Think Tank: Eight controls to manage software vulnerabilities

  What is the most practical and cost effective way for organisations to identify and remediate high-risk software vulnerabilities?  Continue Reading

• Better the data you know – how GDPR is affecting UK tech companies

  As the dust settles from the General Data Protection Regulation, the implications for technology firms in the UK are becoming clearer  Continue Reading

• Security Think Tank: Outsource security operations, not control

  What critical security controls can be outsourced and how do organisations, SMEs in particular, maintain confidence that they are being managed effectively and appropriately?  Continue Reading

• Security Think Tank: Outsource responsibility, not accountability

  What critical security controls can be outsourced and how do organisations, SMEs in particular, maintain confidence that they are being managed effectively and appropriately?  Continue Reading

• Security Think Tank: Almost all security can be outsourced, but not the risk

  What critical security controls can be outsourced and how do organisations, SMEs in particular, maintain confidence that they are being managed effectively and appropriately?  Continue Reading

• Security Think Tank: Risk tolerance key to security outsourcing policy

  What critical security controls can be outsourced, and how do organisations – SMEs in particular – maintain confidence that they are being managed effectively and appropriately?  Continue Reading

• Security Think Tank: Top things to consider in security outsourcing

  What critical security controls can be outsourced, and how do organisations – SMEs in particular – maintain confidence that they are being managed effectively and appropriately?  Continue Reading

• Security Think Tank: A risk-based approach to security outsourcing

  What critical security controls can be outsourced and how do organisations, SMEs in particular, maintain confidence that they are being managed effectively and appropriately?  Continue Reading

• Security Think Tank: Not all security service providers are created equal

  What critical security controls can be outsourced, and how do organisations, SMEs in particular, maintain confidence that they are being managed effectively and appropriately?  Continue Reading

• Smart cities face challenges and opportunities

  IHS Markit analysts Noman Akhtar and Kevin Hasley assess the way forward for smart city technology projects around the world  Continue Reading

• Beyond GDPR: ePrivacy could have an even greater impact on mobile

  From how we monitor air pollution and manage our public transport systems, to how we enable connected cars and the next generation of 5G mobile services, the forthcoming ePR could have a lasting impact on European society  Continue Reading

• What the ICO's Facebook fine teaches us

  Legal expert Alexander Egerton considers whether the ICO’s planned £500,000 fine for Facebook is the precursor of a spate of increased fines across the board, or if it shows the ICO’s stance has not changed and will continue to target certain ...  Continue Reading

• Cyber security: A work in progress

  Piers Wilson, director of the Institute of Information Security Professionals, reflects on the findings of the latest IISP industry survey and suggests there is still more work to do  Continue Reading