IT risk management
Risk management is an increasingly important discipline for IT leaders, with regulatory compliance an ever-present consideration and the amount of legislation and regulation concerning data security on the rise. We examine the issues around IT risk management and the best practices that IT managers need to know.
-
News
10 May 2024
Major breach of customer information developing at Dell
Almost 50 million data records relating to Dell customers appear to have been compromised in a major cyber breach Continue Reading
-
News
09 May 2024
Wales gets UK’s first national SOC
The first national security operations centre of its kind in the UK has opened in the south of Wales to safeguard public sector bodies across the country Continue Reading
-
News
15 Apr 2016
Israeli volunteers ready their cyber defences as Anonymous affiliates attack
Every April, Israel braces itself for an onslaught from pro-Palestinian hackers, but the occupants of a small conference room in Tel Aviv stand in their way Continue Reading
-
News
15 Apr 2016
BBC turns micro:bit computers into IoT devices
The BBC and Nominet demonstrate a new use case for the micro:bit computer and hope to turn Britain’s schoolchildren into internet of things pioneers Continue Reading
-
News
13 Apr 2016
NCA attempts 'back door' access to obtain activist Lauri Love’s passwords
Court told that use of civil proceedings to force disclosure of alleged hacker Lauri Love's passwords is disproportionate and would breach human rights law Continue Reading
-
News
11 Apr 2016
QA launches cyber attack defence training facility in London
Training firm QA launches a cyber attack simulation facility in London to enable organisations to test and learn cyber defence skills Continue Reading
-
News
11 Apr 2016
Activist Lauri Love faces order to disclose encryption keys
The UK’s National Crime Agency takes an unusual legal step to force a former university student accused of hacking to disclose encryption keys Continue Reading
-
News
11 Apr 2016
IT specialist sentenced for stealing NHS computer equipment
A former NHS IT worker is convicted of stealing hospital computer equipment from Doncaster and Bassetlaw Hospitals NHS Foundation trust and selling them on eBay Continue Reading
-
News
05 Apr 2016
'Citizens will be stripped naked' by Turkey’s data law
Turkey's data protection law, introduced in March 2016, will make Turkey a near total surveillance state, yet the EU, apparently more concerned about securing Turkey's help in controlling immigration, is turning a blind eye Continue Reading
-
News
31 Mar 2016
DDoS attacks on universities normally performed by “disgruntled” students or employees
The majority of distributed denial of service attacks on universities are made by students or employees, says the head of infrastructure services at the University of London Continue Reading
-
News
30 Mar 2016
Security should be driven by business, says Corvid’s Andrew Nanson
Information security should be business-driven and investments assessed for their effectiveness and business value, according to Corvid CTO Continue Reading
-
News
29 Mar 2016
Cyber criminals use Microsoft PowerShell in ransomware attacks
A newly discovered family of ransomware, dubbed PowerWare, uses Microsoft PowerShell to target organisations through macro-enabled documents Continue Reading
-
Feature
29 Mar 2016
Hunters: a rare but essential breed of enterprise cyber defenders
They wait, they watch, they search the outer reaches of networks and the darkest corners of the web, setting traps, crafting tools, collecting evidence and going in pursuit: they are the hunters Continue Reading
-
News
24 Mar 2016
Government warned of smart meter security threat back in 2012
The government was warned four years ago that its plans for a nationwide smart meter roll-out represented a “potentially significant” security and privacy threat, Computer Weekly has learned Continue Reading
-
News
23 Mar 2016
US hospital claims to have fought off a ransomware attack
A hospital in Kentucky claims to have regained control of its IT systems five days after cyber criminals hit it with a ransomware attack Continue Reading
-
Feature
23 Mar 2016
How to manage IT access for external users
Identity and access management has extended from being solely an internal IT management process to focus on external business engagement too Continue Reading
-
News
21 Mar 2016
Britain to pay billions for monster internet surveillance network
New questions raised about Britain’s snoopers’ charter after Denmark abandons its own UK-style surveillance programme for a second time Continue Reading
-
News
21 Mar 2016
National Cyber Security Centre to be UK authority on information security
The UK’s National Cyber Security Centre (NCSC) is to be the UK's one-stop authority on infosec, based in London and led by GCHQ's Ciaran Martin Continue Reading
-
News
18 Mar 2016
Australian girls believe online harassment is endemic
There are clear signals that online threats against women and attempts to invade their privacy are becoming societal norms in Australia Continue Reading
-
E-Zine
15 Mar 2016
Robots at your service
In this week’s Computer Weekly, we find out how financial services firms are investing in artificial intelligence to create robo-advisors to help customers with financial advice online. We ask if virtual reality is ready for mainstream business adoption or is still just an over-hyped technology. And we examine the key steps needed to successfully build smart cities using internet of things and networking technologies. Read the issue now. Continue Reading
-
Feature
15 Mar 2016
IAM is the future for managing data security
Why identity and access management is taking centre stage in companies’ access policies Continue Reading
-
News
09 Mar 2016
Lack of security knowledge limiting business initiatives, survey shows
Security concerns are limiting the adoption of cloud and mobility throughout organisations, according to the first Dell Data Security Survey Continue Reading
-
Opinion
08 Mar 2016
Security Think Tank: Many breaches down to poor access controls
In the modern business environment, what are the most common access control mistakes – and how best are these corrected? Continue Reading
-
E-Zine
08 Mar 2016
Building datacentres under the sea
In this week’s Computer Weekly, we look at Microsoft’s trial of an underwater datacentre and assess the technology and environmental implications of running cloud services under the sea. As PC suppliers build new products around Windows 10, we ask if the desktop PC is set to be reinvented. And with ransomware on the rise, we examine the threat of cyber extortion. Read the issue now. Continue Reading
-
Opinion
07 Mar 2016
The problem with passwords: how to make it easier for employees to stay secure
An organisation’s IT security can be compromised if staff do not follow a strict policy of using strong passwords to access internal systems Continue Reading
-
Opinion
03 Mar 2016
Security Think Tank: Top five access control mistakes
In the modern business environment, what are the most common access control mistakes and what is the best way to correct them? Continue Reading
-
E-Zine
01 Mar 2016
Protecting the UK from cyber attacks
In this week’s Computer Weekly, we talk to the National Crime Agency’s top cyber cop, Sarah Goodall, about how the police are tackling IT security threats against the country through global collaborations. We ask CIOs for their tips on building an IT strategy for the digital age. And we review the big six storage suppliers’ plans for all-flash arrays. Read the issue now. Continue Reading
-
News
26 Feb 2016
Nissan acts on Leaf car app security flaw after researcher goes public
Nissan suspends its electric car app after a researcher went public about a security flaw that could enable attackers to take control of heating systems Continue Reading
-
News
25 Feb 2016
Cyber crime is fastest growing economic crime, says PwC report
More than half of UK organisations say they expect to be the victim of cyber crime in the next two years, suggesting it will become the UK’s largest economic crime, says a PwC report Continue Reading
-
E-Zine
23 Feb 2016
Surviving broadband failure
In this week’s Computer Weekly, after the recent BT broadband outage, we examine the options to keep your communications in place in the event of a failure, to ensure business continuity. We look at the prospects for the OpenStack open source cloud platform in the enterprise. And we see how Ireland is making progress on delivering a digital health service. Read the issue now. Continue Reading
-
News
23 Feb 2016
Social engineering confirmed as top information security threat
Cyber attackers shifted away from automated exploits in 2015 and instead tricked people into doing the dirty work, Proofpoint researchers found Continue Reading
-
News
19 Feb 2016
HSBC launches biometric security for mobile banking in the UK
Bank claims UK’s largest planned roll-out of voice biometric security technology, with more than 15 million customers in line for voice and fingerprint authentication services Continue Reading
-
E-Zine
18 Feb 2016
CW Europe: February 2016
In Europe cloud is restricted and hybrid setups make use of local compute and storage. Continue Reading
-
News
16 Feb 2016
EU managers need to up cyber security collaboration, study finds
There is still much work to be done in the area of collaboration and sharing responsibility when it comes to preventing data breaches, a study has found Continue Reading
-
E-Zine
16 Feb 2016
How AstraZeneca saved $350m by insourcing IT
In this week’s Computer Weekly, we talk to pharmaceutical giant AstraZeneca to find out why it brought its outsourced IT back in-house, and how it saved $350m per year as a result. As the data protection debate rages around Europe, we ask if the new EU/US Privacy Shield agreement will protect citizens’ data. And we examine the relative merits of datacentre colocation and the cloud. Read the issue now. Continue Reading
-
News
12 Feb 2016
US IT professionals overconfident in cyber attack detection, study finds
Most US IT professionals are confident in key security controls to detect cyber attacks – but unsure how long it would take automated tools to discover a breach Continue Reading
-
News
11 Feb 2016
Social engineering is top hacking method, survey shows
Social engineering tops the list of popular hacking methods, underlining the need for continuous monitoring, according to security firm Balabit Continue Reading
-
E-Zine
09 Feb 2016
How software protects people
In this week’s Computer Weekly, we find out how software is helping to maintain safety in high-risk sectors like oil & gas, aerospace and healthcare – and what lessons they hold for other organisations. We offer six tips from CIOs for innovation with data. And after the HSBC cyber attack, we examine the continuing threat to businesses from distributed denial of service (DDoS) attacks. Read the issue now. Continue Reading
-
News
01 Feb 2016
DDoS is most common cyber attack on financial institutions
January’s attack on HSBC is typical for the financial sector, but no business should consider itself unlikely to be targeted in this way, say security experts Continue Reading
-
News
29 Jan 2016
HSBC online services hit by DDoS attack
HSBC was hit by a distributed denial of service (DDoS) attack, which targeted its online personal banking services. Continue Reading
-
News
29 Jan 2016
ICO launches data privacy assessment tool for SMEs
The ICO has launched an online self-assessment tool to help SMEs to comply with data protection laws and improve data handling procedures Continue Reading
-
News
28 Jan 2016
Business urged to take action on data privacy
Security professionals use Data Protection Day to encourage businesses to do more to protect personal data Continue Reading
-
News
27 Jan 2016
Keep data safe or risk financial impact, ICO warns business
The knock-on effect of a data breach can be devastating for a company, warns information commissioner Christopher Graham Continue Reading
-
News
27 Jan 2016
Average DDoS attacks fatal to most businesses, report reveals
Criminal activity is top motivation for DDoS attacks as average attacks become strong enough to down most businesses, Arbor Networks report reveals Continue Reading
-
E-Zine
26 Jan 2016
Beyond India – the emerging outsourcing destinations
In this week’s Computer Weekly, we look at the growing number of offshore alternatives to the dominant outsourcing destination of India and assess their relative merits. We examine how to respond if your organisation is affected by a data breach. And we analyse how virtualisation technology can help improve your disaster recovery strategy. Read the issue now. Continue Reading
-
E-Zine
21 Jan 2016
CW Europe - January 2016
This month, CW Europe looks in-depth at an issue that is set to affect people across all 28 European Union member states – the abolition of mobile roaming charges, set for mid-2017. Continue Reading
-
News
19 Jan 2016
Most Android devices running outdated versions
Nearly a third of Android devices in enterprises today are running version 4.0 or older of the operating system, leaving them highly susceptible to vulnerabilities, a study shows Continue Reading
-
E-Zine
19 Jan 2016
Is government surveillance going too far?
In this week’s Computer Weekly, as the UK prepares new laws on surveillance and data collection, we hear from security experts on the challenges of balancing privacy and security and their insider view on GCHQ and the NSA. We examine the growing threat of ransomware and how to tackle it. And we look at the implications of new EU data protection rules. Read the issue now. Continue Reading
-
News
18 Jan 2016
Chinese university targeted by Islamic State hacktivist
Beijing’s Tsinghua University is the latest organisation to be attacked by hackers with a social or political agenda Continue Reading
-
News
13 Jan 2016
UK not involved in mass surveillance, says Theresa May
Coffee shops and libraries could be the target of interception warrants, Theresa May tells MPs and peers Continue Reading
-
News
13 Jan 2016
Watchdog urges US nuclear agency to close cyber security gaps
An audit report has called on the US nuclear agency to revise its IT contracts to ensure better cyber security Continue Reading
-
News
12 Jan 2016
Police take action against cyber extortion gang DD4BC
Police have made one arrest and gathered evidence in searches of properties in an international operation aimed at cyber extortion gang DD4BC Continue Reading
-
News
06 Jan 2016
UK IoT research hub opens with support from academic world
A consortium of nine UK universities have come together to work alongside the Engineering and Physical Sciences Research Council on research into the internet of things Continue Reading
-
News
06 Jan 2016
Upgrade to Internet Explorer 11 to reduce risk
Failure to update to the latest version of Internet Explorer by 12 January 2016 could put users at risk, Microsoft warns Continue Reading
-
Feature
05 Jan 2016
Interview: James Bamford on surveillance, Snowden and technology companies
Investigative journalist and documentary maker James Bamford was among the first to uncover the secrets of the US National Security Agency and its global surveillance Continue Reading
-
News
31 Dec 2015
Top 10 internet of things stories of 2015
2015 was the year the internet of things began to move from theory to widespread practice, and the fledgling industry shook off the millstone of connected kitchen appliances Continue Reading
-
News
24 Dec 2015
Top 10 IT security stories of 2015
Computer Weekly looks back at the most significant stories on IT security in the past 12 months Continue Reading
-
News
23 Dec 2015
Top 10 cyber crime stories of 2015
Computer Weekly takes a look back at the top cyber crime stories of 2015 Continue Reading
-
News
11 Dec 2015
UK firms act quickly to fix payment card data encryption
Security firm found that 16 global companies had failed to effectively encrypt traffic to the payment portion of their websites and apps Continue Reading
-
Feature
10 Dec 2015
How to deal with the aftermath of a data breach
Considering that a data breach could happen to any company, at any time, a plan of action is the best tactic Continue Reading
-
Feature
10 Dec 2015
Disaster recovery planning: Where virtualisation can help
The disaster recovery planning process is not fundamentally technology-centric, so when can virtualisation make it quicker and easier to restore services after an unplanned outage? Continue Reading
-
E-Zine
08 Dec 2015
The most influential people in UK IT 2015
In this week’s Computer Weekly, we announce our sixth annual UKtech50 list of the 50 most influential people in UK IT, and talk to this year’s winner – BT chief executive Gavin Patterson, about the challenges facing the telecoms giant in 2016. Also, we find out how the genomics industry is pushing big data technology to its limits. Read the issue now. Continue Reading
-
Feature
07 Dec 2015
The next stage in quantum key distribution
Authentication schemes based on quantum physics are emerging to address the growing number of ways to compromise data traffic Continue Reading
-
News
07 Dec 2015
Cyber attacks an increasing concern for Asean countries
Organisations in the Association of Southeast Asian Nations are increasingly the targets for cyber criminals, according to a report focused on the region Continue Reading
-
Guide
07 Dec 2015
Essential guide to data breaches, the dark web and the hidden data economy
In this guide, we look at the aftermath of a data breach - what do cyber criminals use that stolen data for, and what can companies do to avoid becoming a victim? Continue Reading
-
News
03 Dec 2015
Workday ringfences support in Europe after Safe Harbour ruled unsafe
US cloud HR and financial services provider responds to Safe Harbour failure by ringfencing European data Continue Reading
-
News
01 Dec 2015
Security analytics needs practical approach, says Fico Ciso Vickie Miller
Analytics must form part of a comprehensive defence-in-depth strategy, according to chief information security officer (Ciso) Vickie Miller at software firm Fico Continue Reading
-
E-Zine
01 Dec 2015
Balancing speed and risk in IT projects
In this week’s Computer Weekly, as IT leaders face boardroom pressure to roll out IT projects ever more quickly, we examine how to do that without running unacceptable risks. Michael Dell talks about how he sees the future for his company when it buys EMC in the largest IT acquisition in history. And we hear from IT chiefs about the challenges of implementing DevOps. Read the issue now. Continue Reading
-
News
26 Nov 2015
Use legal protection to soften cyber attack impact, says Kemp Little
IT outsourcing provides an opportunity for businesses to transfer risk and recover losses from cyber attacks, says law firm Kemp Little Continue Reading
-
News
20 Nov 2015
Coalition of top tech firms opposes weakened encryption
Weakening security with the aim of advancing security simply does not make sense, a coalition of top tech firms tells US president Barack Obama Continue Reading
-
News
18 Nov 2015
Cyber security mindset needs to change, says report
Government organisations are prime targets for cyber attacks, leading to increased importance on robust information security, according to a report by Intel Security and the Digital Government Security Forum Continue Reading
-
News
17 Nov 2015
Irish hospital to offer patient access to records by November 2016
Galway Clinic plans a big-bang launch of its Meditech electronic medical record system, which includes a patient portal and mobile app Continue Reading
-
News
11 Nov 2015
Snoopers’ charter will force ISPs to raise broadband prices
The Science and Technology Select Committee hears that ISPs may be forced to put up their service charges to cover the cost of retaining communications data, should the Investigatory Powers Bill become law Continue Reading
-
Feature
06 Nov 2015
Avoiding security issues when recycling hardware
What are the options for the environmentally and ethically responsible recycling of end-of-life hardware, without compromising data security? Continue Reading
-
News
29 Oct 2015
M&S data breach forces retailer to temporarily suspend service
A glitch that allowed online customers to see each other's details forced retailer Marks & Spencer to take its website offline while it resolved the issue Continue Reading
-
News
28 Oct 2015
Lack of data classification very costly to firms, says survey
Most data retained by organisations is not identified or classified and gobbles budget spent on storage, as well as being potentially non-compliant, reveals Veritas-sponsored survey Continue Reading
-
News
21 Oct 2015
Infosec pros should start preparing for the future, say experts
Information security professionals need to grow their skills, engage with the business, increase security awareness, set business goals and tailor their messages, says a panel of experts Continue Reading
-
Feature
15 Oct 2015
The true cost of a cyber security breach in Australia
The costs of cyber security breaches can quickly add up with fines, reputational damage and overhauls to network security all hitting the coffers. The case of one Australian firm shows why paying a ransom to a hacker might be tempting. Continue Reading
-
News
12 Oct 2015
Encryption is a double-edged sword, says Blue Coat
Seven more security suppliers join Blue Coat encrypted traffic management programme amid fresh warnings of attackers using encryption to hide malicious activity Continue Reading
-
Feature
09 Oct 2015
The security dangers of home networks
Most companies take reasonable steps to protect their networks from virus attacks, but one area of vulnerability that is often overlooked is infection from employees’ home networks Continue Reading
-
Feature
09 Oct 2015
How to ensure strong passwords and better authentication
Five steps to ensure stronger passwords and better authentication to reduce the threat of business data theft Continue Reading
-
News
29 Sep 2015
120-day patching gap puts many firms at risk of cyber attack, study shows
The probability of a vulnerability being exploited hits 90% between 40 and 60 days after discovery, but many firms are taking up to 60 days beyond that to patch, while others are failing to patch at all, a study shows Continue Reading
-
Feature
25 Sep 2015
How to fully test IT networks for vulnerabilities
Making sure a company network is secure is a very important task, and one that should be scheduled regularly Continue Reading
-
News
21 Sep 2015
Department for Culture, Media and Sport takes over responsibility for data protection policy
Government transfers responsibility for data protection policy and ICO oversight from Ministry of Justice (MOJ) to Department for Culture, Media and Sport (DCMS) Continue Reading
-
News
21 Sep 2015
Health chief 'should be held to account' for whistleblow errors
Former nurse and clinical commissioner Bernie Rochford claims unfair dismissal after blowing the whistle on IT problems which put patient care at risk Continue Reading
-
News
18 Sep 2015
Public-private co-operation in the Nordics tackles growing cyber crime threat
Nordic governments and businesses are putting cyber security at the centre of their planning as threats increase Continue Reading
-
News
16 Sep 2015
BT launches ethical hacking service for bankers
BT introduces a certified Crest Star ethical hacking test service for financial services customers Continue Reading
-
News
15 Sep 2015
Most DDoS attacks hiding something more sinister, Neustar warns
Smaller DDoS attacks can be more dangerous than a powerful attack that knocks a company offline but does not install malware or steal data, warns Neustar Continue Reading
-
News
15 Sep 2015
NHS trust denies bullying and intimidation of IT whistleblower
Managers were already aware of whistleblower's concerns about the accuracy of NHS Southwark's data, tribunal hears Continue Reading
-
News
11 Sep 2015
Security industry welcomes GCHQ password guidelines
GCHQ's guidance on password policy covers some of the most pressing issues facing UK businesses and employees today, according to Skyhigh Networks Continue Reading
-
News
11 Sep 2015
DD4BC cyber extortion gang adds social media to arsenal
Cyber extortion gang DD4BC is using social media campaigns to garner more attention for its ability to create service disruptions by publicly embarrassing large organisations Continue Reading
-
News
10 Sep 2015
Researchers discover Android PIN locker ransomware
Researchers say LockerPIN is a self-defending, aggressive piece of ransomware currently targeting Android devices, mainly in the US Continue Reading
-
News
09 Sep 2015
Security pros failing to address digital certificate risks, survey shows
Even though 90% of security professionals believe a leading CA will be compromised in the next two years, only 13% have existing automation to deal with that happening Continue Reading
-
News
09 Sep 2015
Conventional security measures hit productivity, study shows
Most IT professionals say context-aware security would improve productivity without compromising security, a survey from Dell reveals Continue Reading
-
News
09 Sep 2015
Security vulnerability management more than patching, warns Secunia
Keeping track of what makes an IT environment vulnerable is an ongoing and complex task, according to Secunia Continue Reading
-
News
04 Sep 2015
US State Department plans cyber security playbook
The US State Department issues a request for information to determine the capabilities of commercial industry to provide and maintain a cyber security playbook Continue Reading
-
News
01 Sep 2015
DDoS attack on NCA highlights need to be prepared, says Barracuda Networks
A Lizard Squad DDoS attack, which the NCA says is a fact of life, highlights the need for organisations to be prepared, according to Barracuda Networks Continue Reading
-
News
27 Aug 2015
Rapid7 calls on router makers to eliminate backdoors
Until manufacturers stop using default passwords, we will continue to see opportunistic attacks on home and small business routers, says Rapid7's Tod Beardsley Continue Reading
-
News
26 Aug 2015
Many firms not getting to grips with third-party data security risk
Supply chain data security risk is pervasive, but being unable to deal with it is down to basic failings, says a cyber risk expert Continue Reading
-
Opinion
25 Aug 2015
Life’s a breach: How to handle the press after a hacking attack
Emily Dent, specialist in crisis PR, offers some advice to organisations that unexpectedly find themselves in the headlines Continue Reading
-
News
20 Aug 2015
Premiership Rugby scores security and efficiency with Intralinks
By setting access controls, Premiership Rugby can ensure that its partners get quick access only to role-appropriate content Continue Reading
-
News
16 Aug 2015
Mobile phone users at risk as hackers bug and track victims
An investigation by Australian TV show 60 Minutes demonstrates how hackers based thousands of miles away in Germany were able to record the calls of an Australian senator and track his movements Continue Reading