IT risk management
Risk management is an increasingly important discipline for IT leaders, with regulatory compliance an ever-present consideration and the amount of legislation and regulation concerning data security on the rise. We examine the issues around IT risk management and the best practices that IT managers need to know.
-
News
23 May 2025
Essex Police discloses ‘incoherent’ facial recognition assessment
An equality impact assessment of Essex Police live facial recognition deployments is plagued by inconsistencies and poor methodology, undermining the force’s claim that its use of the technology will not be discriminatory Continue Reading
-
News
21 May 2025
NCSC: Russia’s Fancy Bear targeting logistics, tech organisations
The NCSC and its partner agencies have blown the whistle on an extensive campaign of malicious cyber attacks orchestrated by the Russian state Fancy Bear operation Continue Reading
-
News
06 Nov 2019
Trend Micro insider breach exposes need for data-centric protection
Simple measures could have saved consumer security product supplier from insider breach Continue Reading
-
News
06 Nov 2019
Global security workforce must more than double to meet demand
There are about 2.8 million cyber security professionals working today, and the world needs four million more Continue Reading
-
Opinion
06 Nov 2019
What changes are needed to create a cyber-savvy culture?
PA Consulting's Cate Pye considers the people and process changes that are necessary to build a security aware business culture Continue Reading
-
Opinion
06 Nov 2019
Security Think Tank: Adapt security posture to your cloud model
Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security professionals best work with their teams and cloud providers to resolve the problem? Continue Reading
-
Opinion
05 Nov 2019
Security Think Tank: The cloud needs security by design
Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security professionals best work with their teams and cloud providers to resolve the problem? Continue Reading
-
E-Zine
05 Nov 2019
The benefits of API-first software development
In this week’s Computer Weekly, we find out how organisations are using an API-based approach to software development to boost digital initiatives. We examine the potential pitfalls in using cloud storage. And we talk to the Department for Work and Pensions about its four-year project to move from outsourced IT to the cloud. Read the issue now. Continue Reading
-
Opinion
04 Nov 2019
Security Think Tank: Secure the cloud when negotiating contracts
Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security professionals best work with their teams and cloud providers to resolve the problem? Continue Reading
-
News
04 Nov 2019
EU patches 20-year-old open source vulnerability
Ethical hackers taking part in a bug bounty programme on behalf of the European Union have uncovered a 20-year-old vulnerability Continue Reading
-
Feature
04 Nov 2019
Making the case for integrated risk management
Security experts discuss how an integrated approach to risk and governance can be effectively managed Continue Reading
-
News
01 Nov 2019
CIO must focus on easing data access to help data scientists build models more quickly
Data scientists struggle to get the right data in the right format to build artificial intelligence models, so to benefit from AI, CIOs will need to simplify data access Continue Reading
-
News
31 Oct 2019
Alibaba Cloud earns security credentials in automotive and healthcare sectors
Alibaba Cloud’s compliance with Tisax and GxP follows earlier efforts by major public cloud suppliers to win over enterprises with strict data protection and security rules Continue Reading
-
News
30 Oct 2019
What will succeed the National Cyber Security Strategy?
As the National Cyber Security Strategy nears the end of its working life, the government is considering what comes next, and is asking probing questions of its successes and failures Continue Reading
-
News
29 Oct 2019
Fancy Bear resumes Olympic hacks ahead of Tokyo games
Fancy Bear is back in action and once again targeting anti-doping bodies and sporting organisations, warns Microsoft Continue Reading
-
E-Zine
29 Oct 2019
IR35 reforms – the difficult decisions facing IT contractors
In this week’s Computer Weekly, we examine the difficult choices facing UK IT contractors from the controversial IR35 tax reforms. Social engineering is a major source of cyber security attacks – we look at mitigation strategies. And the IT chief at Mercedes F1 explains what it takes to support a world championship team. Read the issue now. Continue Reading
-
Opinion
28 Oct 2019
Security Think Tank: Embedding security in governance
How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision-making? Continue Reading
-
Feature
28 Oct 2019
Security puzzle calls for some joined-up thinking
The age of digitisation brings new risks to organisations, so security needs to be more integrated Continue Reading
-
News
24 Oct 2019
Endpoint security is a procurement issue, says HP, IDC study
Report warns that buyers are falling at the first hurdle on security by not including it in their endpoint RFPs and tenders Continue Reading
-
News
23 Oct 2019
Take responsibility for cyber security basics, urges NCSC CEO
At the launch of its third annual review, NCSC head Ciaran Martin appealed for individuals and businesses to address the fundamentals of cyber security hygiene to help lighten the load Continue Reading
-
News
22 Oct 2019
Banks move to contain impact of Samsung biometric flaw
NatWest and Nationwide have moved to lock down their mobile banking apps after Samsung warned of a biometric security flaw on its Galaxy and Note S10 devices Continue Reading
-
22 Oct 2019
Data management strategies are evolving – so must enterprises
A growing number of data-driven initiatives, alongside heightened demand for security in governance, data management and compliance, has led to the rise of a more holistic approach – integrated risk management. Continue Reading
-
News
22 Oct 2019
Over-30s tend to do better at cyber security than younger colleagues
Attitudes to workplace cyber security differ by age group, but not in the way one might imagine, according to a new study by NTT Security Continue Reading
-
News
21 Oct 2019
Trend Micro buys cloud security firm to broaden offering
Acquisition of Cloud Conformity will address often overlooked cloud security fundamentals Continue Reading
-
News
21 Oct 2019
Sodinokibi emerging as a diverse, multi-vector threat to businesses
McAfee shares insight into the Sodinokibi ransomware campaign gleaned from its network of honeypots Continue Reading
-
News
18 Oct 2019
Amazon consumer devices vulnerable to two-year-old exploit
Millions of older Amazon Echo and Kindle devices are still susceptible to a Wi-Fi vulnerability that was first disclosed in 2017 Continue Reading
-
News
17 Oct 2019
BEIS launches multimillion-pound security investment package
Government is making available more than £50m to support a range of new cyber security initiatives and collaborations, including the latest phase of its Digital Security by Design programme Continue Reading
-
News
17 Oct 2019
NHSX could transform NHS security capabilities
The health sector is increasingly confident that NHSX can deliver a streamlined, effective cyber security policy for the health service Continue Reading
-
News
17 Oct 2019
Security threat landscape becomes more organised and business-like
Approaches to securing the enterprise need to change in the face of a rapidly maturing threat landscape Continue Reading
-
Opinion
17 Oct 2019
Security Think Tank: Focus on metrics to manage risk
How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision making? Continue Reading
-
News
16 Oct 2019
Pitney Bowes ‘considering options’ after malware attack
Mailing and shipping services firm in recovery mode after key systems were encrypted by a malware attack Continue Reading
-
Opinion
16 Oct 2019
Security Think Tank: Embed security professionals in your risk strategy
How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision-making? Continue Reading
-
Opinion
15 Oct 2019
Security Think Tank: Risk management must go beyond spreadsheets
How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision making? Continue Reading
-
Opinion
14 Oct 2019
Security Think Tank: Consider risk holistically, not just from an IT angle
How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision making? Continue Reading
-
E-Zine
10 Oct 2019
CW Middle East: Saudi banks trial biometrics in ATMs
Biometric and blockchain technologies are being used in tandem to provide ID verification at Saudi Arabian cash machines. Also read about the first government organisation in Bahrain to migrate to Amazon Web Services, and an interview with Yasmeen Al Sharaf, head of fintech and innovation unit, Central Bank of Bahrain. Continue Reading
-
Feature
10 Oct 2019
Data management strategies are evolving – so must enterprises
A growing number of data-driven initiatives, alongside heightened demand for security in governance, data management and compliance, has led to the rise of a more holistic approach – integrated risk management Continue Reading
-
Opinion
09 Oct 2019
Small business guide: How to keep your organisation secure from fraudsters and hackers
Doing a few things well can keep your organisation protected from common cyber attacks and fraudsters Continue Reading
-
Opinion
09 Oct 2019
Security Think Tank: The operational approach to integrated risk management
How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision-making? Continue Reading
-
News
08 Oct 2019
How APAC enterprises can keep pace with container security
For all the promises of containers, changes in architecture and practices associated with the technology bring new challenges and opportunities Continue Reading
-
08 Oct 2019
How to bolster IAM strategies using automation
Identity and access management processes and technologies play an important role in security strategies, but organisations and IT professionals need to ensure these strategies are robust enough to deal with new threats. Continue Reading
-
E-Zine
08 Oct 2019
Showcasing the potential of 5G
In this week’s Computer Weekly, we visit an ambitious trial in Bristol that is showcasing the possibilities offered by 5G roll-out. We look at how emerging automation technologies are enhancing the use of identity and access management tools. And we assess the Government Digital Service plan for transforming public services. Read the issue now. Continue Reading
-
Opinion
07 Oct 2019
Security Think Tank: Risk is unavoidable in digital transformation
How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision-making? Continue Reading
-
News
03 Oct 2019
IT contractor charged over cyber attack on property valuation firm
Australian police charge 49-year-old man with stealing and posting more than 170,000 data records belonging to ASX-listed Landmark White on the dark web Continue Reading
-
News
03 Oct 2019
LogRhythm touts unlimited data plan for SIEM systems
SIEM supplier introduces three-year, term-based pricing plan that lets enterprises ingest as much data as they want without breaking the bank Continue Reading
-
News
03 Oct 2019
Local authorities hit by 800 cyber attacks every hour
Local authorities and councils in the UK have reported being hit by more than 263 million cyber attacks in the first six months of this year Continue Reading
-
News
03 Oct 2019
Cyber war as big a threat as nuclear war, says ex-RSA head Coviello
Former RSA chairman Art Coviello has been speaking about the devastating potential of cyber weapons, and warned that humanity must learn from history in order to control them Continue Reading
-
News
01 Oct 2019
A security breach is inevitable, IT leaders warned
No matter how much IT security tech and training is in place, sophisticated, targeted attacks are going to breach company defences, Carbon Black warns Continue Reading
-
E-Zine
01 Oct 2019
The most influential women in UK technology 2019
In this week’s Computer Weekly, we announce our annual list of the 50 most influential women in UK technology. Meet the winner, Debbie Forster, CEO of Tech Talent Charter, and find out who are this year’s five rising stars. Also, our latest buyer’s guide looks at the latest developments in robotic process automation. Read the issue now. Continue Reading
-
News
01 Oct 2019
Singapore outlines initiatives to tackle OT and IoT security
The Cyber Security Agency of Singapore has developed a blueprint to secure operational technology systems in critical sectors, among other measures to secure cyber-physical systems and the internet of things Continue Reading
-
News
27 Sep 2019
Nodersok malware campaign is infecting thousands, Microsoft warns
Thousands of Windows endpoints in the US and Europe have been infected by a new fileless malware campaign in the past few weeks Continue Reading
-
News
27 Sep 2019
GDPR compliance: Whose job is it and is it really possible?
Nobody seems to have a good handle on business GDPR compliance, how many businesses are compliant, or indeed what compliance really is, but according to security experts, it very much depends on who you talk to Continue Reading
-
News
26 Sep 2019
Overinvestment breeds overconfidence among security pros
CISOs have made an abundance of security investments in multiple suppliers, but this might not be the right approach Continue Reading
-
News
24 Sep 2019
Singapore payment card data compromised by JavaScript sniffers
Raw data of thousands of payment cards issued by Singapore banks stolen by the online equivalent of a traditional card sniffer Continue Reading
-
News
24 Sep 2019
Enterprises exposed to data loss by cloud configuration errors
Only 1% of misconfigured cloud environments are spotted and attackers are capitalising on this, claims McAfee Continue Reading
-
News
18 Sep 2019
Facebook automatically generates pages for Islamic State and Al-Qaeda
Facebook algorithms have auto-generated hundreds of Facebook pages for the Islamic State, Al-Qaeda and Ansar al-Sharia, according to a whistleblower Continue Reading
-
News
18 Sep 2019
Universities tempting targets for cyber criminals, warns NCSC
As hundreds of thousands of students prepare for the new academic year, universities have been warned that they are at high risk of cyber attack Continue Reading
-
News
16 Sep 2019
Ensign InfoSecurity opens global headquarters in Singapore
The Singapore-based cyber security firm’s new headquarters will also be home to a new security operations centre that will be supported by Singapore-centric threat intelligence Continue Reading
-
Feature
16 Sep 2019
Inside blockchain and its various applications
We explore the technology around blockchain shaping how businesses use data Continue Reading
-
News
13 Sep 2019
When AIs go to war: Autonomous cyber weapons ‘inevitable’
CISOs must start thinking about how to engage with intelligent, adaptive, non-human attackers, says Trend Micro’s Rik Ferguson Continue Reading
-
News
12 Sep 2019
UN agency Unicef praised for response to accidental data leak
The UN’s children’s agency has disclosed an inadvertent leak of personal data belonging to users of its online learning platform Agora Continue Reading
-
E-Zine
12 Sep 2019
CW Europe: Dutch authorities call temporary halt to datacentre construction
Two Dutch municipalities are putting all datacentre construction on hold while they put together a strategy to help them control developments. A local alderman said datacentres take up a lot of space and place a large burden on the electricity grid. Also read how France is racing ahead of Germany in making the most of service companies in India, and about Google’s plans for a new datacentre and technology training hub in Finland. Continue Reading
-
Opinion
11 Sep 2019
Regulators globally are shaping up to rein in Facebook
We need to move fast and fix Facebook, before it breaks us Continue Reading
-
News
11 Sep 2019
Nordic countries deepen collaboration with Estonia-based cyber security operation
Nordic countries are now working closer with Nato’s Estonia-based centre of excellence in cyber security Continue Reading
-
News
11 Sep 2019
GDPR non-compliance worse than feared
Over half of UK businesses do not yet appear to be fully GDPR-compliant, and many have de-prioritised their compliance efforts Continue Reading
-
News
10 Sep 2019
UK calls for cyber capacity-building at UN security group
The UK’s representative to a United Nations cyber security working group has called for increased investment in capacity around cyber security Continue Reading
-
News
10 Sep 2019
BT gears up to take on rogue drones
BT’s Enterprise unit is offering customers an anti-drone security solution to protect their physical sites from intrusion Continue Reading
-
Opinion
10 Sep 2019
Security Think Tank: The case for blockchain-based identity
What are the best and most effective ways information security professionals can use blockchain technology? Continue Reading
-
E-Zine
10 Sep 2019
A tech boost for social care
In this week’s Computer Weekly, we explore how local authorities across the UK have been looking at assistive technologies, ranging from collaborative robots to voice assistants, to support delivery of adult social care services. We also look into the ramifications of HMRC targeting 1,500 GlaxoSmithKline IT contractors. Read the issue now. Continue Reading
-
Opinion
09 Sep 2019
Security Think Tank: Too soon to dismiss blockchain in cyber security
What are the best and most effective ways information security professionals can use blockchain technology? Continue Reading
-
News
06 Sep 2019
Australia government to chart 2020 cyber security strategy
Australia’s home affairs ministry has released a discussion paper to seek views from all segments of society on the country’s next cyber security blueprint Continue Reading
-
Opinion
06 Sep 2019
Security Think Tank: Use blockchain for integrity and immutability checks
What are the best and most effective ways information security professionals can use blockchain technology? Continue Reading
-
News
05 Sep 2019
Singapore’s SecureAge eyes US market
The Singapore-based supplier of encryption and anti-malware tools has set up a new office in Greater Washington, DC as the next logical step in its global expansion plan Continue Reading
-
News
05 Sep 2019
Tide Foundation aims to boost password security
While passwordless security remains just out of reach, a non-profit organisation has developed a mechanism that it says makes passwords exponentially more difficult to crack Continue Reading
-
Opinion
05 Sep 2019
Security Think Tank: Blockchain is not for everyone, so look carefully before you leap
What are the best and most effective ways information security professionals can use blockchain technology? Continue Reading
-
Opinion
04 Sep 2019
Security Think Tank: Blockchain utility depends on business type and cost
What are the best and most effective ways information security professionals can use blockchain technology? Continue Reading
-
News
04 Sep 2019
TrickBot Trojan switches to stealthy Ostap downloader
Operators of the TrickBot banking Trojan have switched to a new downloader to evade detection and analysis for a high-volume malicious spam campaign targeting business, researchers warn Continue Reading
-
News
03 Sep 2019
Cyber criminals tap into web social engineering toolkit
Security researchers have discovered a web social engineering toolkit that enables cyber criminals to create fake update notification campaigns Continue Reading
-
News
03 Sep 2019
CISOs think cloud safer, but security fears remain
The majority of information security leaders think cloud is now safer than on-premise, but security fears remain, with recently breached and highly regulated organisations most concerned, poll reveals Continue Reading
-
News
03 Sep 2019
At least 47,000 servers vulnerable to remote attack
All organisations using Supermicro servers are being urged to update firmware to block remote attacks exploiting vulnerabilities in baseboard management controllers Continue Reading
-
Opinion
03 Sep 2019
Security Think Tank: Risk mitigation is key to blockchain becoming mainstream
What are the best and most effective ways information security professionals can use blockchain technology? Continue Reading
-
News
02 Sep 2019
UK organisations join quantum comms pilot
Four UK companies are taking part in a pilot project to build the most secure communication infrastructure in Europe Continue Reading
-
Opinion
02 Sep 2019
Security Think Tank: Blockchain – balance risk and opportunity for smart security
What are the best and most effective ways information security professionals can use blockchain technology? Continue Reading
-
News
02 Sep 2019
CISOs turn to AI, detection, response and education
Information security leaders are looking to artificial intelligence, better detection and response capabilities and user education in the face of cyber threats, but need more budget, a study shows Continue Reading
-
Feature
30 Aug 2019
How to mitigate IoT security risks to tap business benefits
Security concerns are preventing many businesses from adopting IoT-based technologies, but with a bit of planning, the business benefits can be realised by mitigating the risk Continue Reading
-
News
30 Aug 2019
Social media and enterprise apps pose big security risks
The lack of security policies in many business applications is putting enterprise data at risk and social media apps are the biggest source of malware, a poll of IT professionals reveals Continue Reading
-
News
29 Aug 2019
UK gets first millionaire ethical hacker
Six months after the first millionaire ethical hacker was announced, five more have been recognised, including a Briton, who have collectively discovered nearly 5,000 vulnerabilities Continue Reading
-
News
29 Aug 2019
Finland’s security agencies collaborate after cyber attacks
National Bureau of Investigations and National Cyber Security Centre aim to increase expertise and capability to defend Finland’s critical IT infrastructure Continue Reading
-
News
29 Aug 2019
UK firms getting on top of IT downtime costs
Despite data breach headlines, UK firms are generally improving in their data protection, business continuity, cyber preparedness and understanding of downtime costs, study shows Continue Reading
-
News
29 Aug 2019
Dutch regulator reveals potential Microsoft privacy breach
Netherlands privacy watchdog has revealed potential breaches while testing Microsoft software changes Continue Reading
-
News
28 Aug 2019
Targeted cyber attacks, including ransomware, on the rise
Governments and healthcare institutions are prime targets of ransomware operators, a report shows Continue Reading
-
Feature
28 Aug 2019
Mitigating social engineering attacks with MFA
The growing frequency of social engineering attacks highlights the increasing need for organisations to take steps to mitigate the effects of phishing Continue Reading
-
News
28 Aug 2019
Most UK firms ignore security in tech investments
Less than a quarter of UK firms prioritise security when investing in new technology, despite the threat of cyber attacks and data protection regulations, a survey reveals Continue Reading
-
News
28 Aug 2019
Ransomware has evolved into a serious enterprise threat
Ransomware has seen a resurgence since the start of 2019, with cyber criminals changing code and tactics to target enterprises and local authorities for higher ransom payments, McAfee researchers warn Continue Reading
-
News
27 Aug 2019
Employees, MSPs and developers top third-party risks
Employees, managed service providers and developers are the top sources of third-party risks in terms of data security, a survey reveals, highlighting the value of workplace monitoring Continue Reading
-
News
26 Aug 2019
VMware’s latest acquisitions point to emerging platform war
VMware’s buyout of Carbon Black and Pivotal is a sign of an emerging platform war following the IBM-Red Hat deal Continue Reading
-
Feature
23 Aug 2019
How to bolster IAM strategies using automation
Identity and access management processes and technologies play an important role in security strategies, but organisations and IT professionals need to ensure these strategies are robust enough to deal with new threats Continue Reading
-
News
23 Aug 2019
Majority of organisations struggling with cloud security
The majority of organisations find securing the cloud difficult and more than a quarter feel the shared security responsibility model is unclear, according to a survey of information security professionals Continue Reading
-
News
23 Aug 2019
Kaspersky eyes enterprise business, opens APAC transparency hub
The security firm wants to engage with enterprises and use its newly launched Malaysian Transparency Centre to burnish its credentials Continue Reading
-
News
22 Aug 2019
Security pros reiterate warning against encryption backdoors
The majority of security professionals believe countries with government-mandated encryption backdoors are more susceptible to nation-state cyber attacks Continue Reading
-
News
22 Aug 2019
A helping hand from the Nordics in the eye of the GDPR storm
Nordic IT companies are well suited to supporting enterprises in their data protection projects, even though openness is more natural to them Continue Reading
-
News
22 Aug 2019
Tech firms join forces to boost cloud security
Top tech firms are to collaborate on open source technologies, tools, frameworks and standards that accelerate the adoption of confidential computing to boost security in cloud and edge computing Continue Reading
-
E-Zine
22 Aug 2019
CW Nordics: Copenhagen woos tech startups
Copenhagen offers all the advantages startups need to get off the ground and many are setting up with the intention of staying there for the long haul. Also read how shipping giant Maersk is employing a cloud-first strategy to disrupt competition and build innovation, and why three Finnish banks are sharing a core IT platform. Continue Reading