IT risk management
Risk management is an increasingly important discipline for IT leaders, with regulatory compliance an ever-present consideration and the amount of legislation and regulation concerning data security on the rise. We examine the issues around IT risk management and the best practices that IT managers need to know.
-
News
20 Jun 2025
Cyber Essentials certifications rising slowly but steadily
The number of businesses attaining the NCSC Cyber Essentials certification continues to increase, but much more can be done to raise awareness of the scheme. Continue Reading
-
News
20 Jun 2025
M&S, Co-op attacks a ‘Category 2 cyber hurricane’, say UK experts
The UK’s Cyber Monitoring Centre has published its first in-depth assessment of a major incident, reflecting on the impact of and lessons learned from Scattered Spider attacks on M&S and Co-op Continue Reading
-
News
02 Apr 2012
Fighting Economic Crime in the Financial Services sector
PwC examines the impact of Cybercrime on the financial services industry. Continue Reading
-
News
30 Mar 2012
SIEM deployment case study shows patience is required
Williams Lea’s SIEM is already helping reduce manual log reviews. But there’s still a lot of work to be done before the SIEM can be fully deployed. Continue Reading
-
News
27 Mar 2012
Warwickshire-based company to revamp data protection following breach
A Warwickshire-based company has committed to taking action to protect personal data, following a breach of the Data Protection Act Continue Reading
-
News
26 Mar 2012
Department for Work and Pensions outsources IT for universal credit welfare to India
The government is outsourcing IT development for the universal credit welfare programme to India despite promises to keep data projects in the UK Continue Reading
-
News
23 Mar 2012
Information management: lessons from the public sector
Freeform Dynamics identifies the lessons organisations can learn from the public sector's approach to information management Continue Reading
-
News
21 Mar 2012
Half of education institutions victims of mobile IT theft
According to research, 45% of UK education establishments claim to have had mobile IT equipment stolen during the last three years. Continue Reading
-
News
19 Mar 2012
UK hacktivist cases should spur business to action, says lawyer
The last of four alleged UK members of hacktivist group LulzSec has appeared in Westminster magistrates court in London Continue Reading
-
News
15 Mar 2012
BBC cyber attacks highlight difficulty of attribution
The BBC has said it is was targeted by cyber attacks following a campaign by Iran against its Persian service, but stopped short of accusing Tehran of ordering the cyber attacks Continue Reading
-
News
13 Mar 2012
Hackers expose weak security on Digital Playground porn site
A hacking group claims to have stolen the details of more than 70,000 users of the Digital Playground porn site Continue Reading
-
News
07 Mar 2012
NIST releases SP 800-153 WLAN security guidelines
The recently released NIST SP 800-153 addresses security of WLANS. Join us, as we take a closer look at the document’s recommendations. Continue Reading
-
News
05 Mar 2012
Rogue IT manager jailed for two years after £123k procurement scam
A rogue IT procurement manager has been jailed for two years after he colluded with two IT suppliers to defraud grocer Nisa Today out of £123,000 Continue Reading
-
News
02 Mar 2012
2012 security outlook
This report, based on extensive research from chief information security officers, identifies the top 10 security imperatives for 2012. Continue Reading
-
News
01 Mar 2012
RSA 2012: IT security experts urge enterprises to ban smartphone BYOD schemes
Enterprises should ban employees from using their own smartphones for work, a panel of IT security practitioners told the RSA Conference 2012 Continue Reading
-
News
29 Feb 2012
IT departments risk losing responsibility for IT security
IT security professionals can no longer take it for granted that IT security will continue as part of the IT function Continue Reading
-
Photo Story
25 Feb 2012
The CISO Power List, 2012
Our CISO Power List for 2012 brings you the who’s who in the Indian information security scene. Join us, as we pay tribute to India’s top 15 CISOs. Continue Reading
-
Feature
23 Feb 2012
Arup Chatterjee
SearchSecurity.in CISO Power List 2012 Profile: Arup Chatterjee, CISO, WNS Global Services. Continue Reading
-
Feature
23 Feb 2012
Agnelo D'Souza
SearchSecurity.in CISO Power List 2012 Profile: Agnelo D‘Souza, CISO, Kotak Mahindra Bank. Continue Reading
-
Feature
23 Feb 2012
Sunil Dhaka
SearchSecurity.in CISO Power List 2012, Profile: Sunil Dhaka, CISO, ICICI Bank. Continue Reading
-
News
23 Feb 2012
OSSIM update enables cyber threat intelligence sharing
The latest update to the Open Source Security Information Management (OSSIM) base system includes a mechanism for sharing cyber threat intelligence. Continue Reading
-
Feature
22 Feb 2012
Sameer Ratolikar
SearchSecurity.in CISO Power List 2012: Profile for Sameer Ratolikar, CISO, Bank of India. Continue Reading
-
Feature
22 Feb 2012
Pankaj Agrawal
SearchSecurity.in CISO Power List 2012 Profile: Pankaj Agrawal, CISO & Head of Technology Governance, Aircel Continue Reading
-
News
21 Feb 2012
Google bypassed IE too, says Microsoft
Microsoft has accused Google of bypassing the privacy settings of Internet Explorer users after Safari faux pas Continue Reading
-
News
17 Feb 2012
UK regulator PhonepayPlus fines Dutch typosquatting companies
UK phone regulator PhonepayPlus fines two Dutch firms £100,000 for exploiting well-known websites Wikipedia, Twitter and YouTube Continue Reading
-
Feature
14 Feb 2012
Buyer's Guide: How to prepare your organisation for IPv6
The switch to IPv6 – on 6 June – shows just how imminent the transition from IPv4 to IPv6 is. Is your organisation ready? Continue Reading
-
News
13 Feb 2012
IE update top priority for Patch Tuesday
Microsoft releases nine bulletins addressing 21 vulnerabilities in its monthly Patch Tuesday security update on 14 February Continue Reading
-
News
08 Feb 2012
Web application vulnerability statistics show security losing ground
New Web application vulnerability statistics show the number of vulnerabilities is rising, despite the use of Web application development frameworks. Continue Reading
-
News
06 Feb 2012
FBI investigates Anonymous intercept of call with Scotland Yard
The US Federal Bureau of Investigation (FBI) is looking into how a conference call with Scotland Yard was intercepted by a member of the activist hacking group Anonymous. Continue Reading
-
News
01 Feb 2012
Fewer than a third of UK organisations plan mobile security projects
Despite the media hype around the adoption of mobile technologies and the need to secure them, relatively few UK organisations are planning mobile security projects, a survey has revealed Continue Reading
-
Feature
01 Feb 2012
When X.509 security certificates fail, servers break
Why are X.509 certificates causing computers to stop dead? Continue Reading
-
News
30 Jan 2012
MEP quits as thousands protest ACTA signing
A European MP has resigned after thousands of people in Poland protested against the international anti-counterfeiting trade agreement (ACTA) Continue Reading
-
News
16 Jan 2012
Rupert Murdoch attacks Barack Obama over online piracy legislation
News Corp chief Rupert Murdoch has accused Barack Obama's administration of siding with "Silicon Valley paymasters" as two anti-piracy bills go through US Congress. Continue Reading
-
News
13 Jan 2012
NHS Trust to appeal £375k data loss penalty
An NHS Trust is to appeal against a proposed monetary penalty of £375,000 after after patient records were stolen from a hospital and sold on eBay. Continue Reading
-
News
13 Jan 2012
Fighting fraud in government
Cybercrime has emerged as a growing threat to public sector organisations, this research from PwC reveals. Continue Reading
-
News
06 Jan 2012
Ramnit worm steals 45,000 Facebook passwords
A computer worm has begun targeting Facebook accounts and has stolen at least 45,000 login credentials from users, say security researchers. Continue Reading
-
News
06 Jan 2012
TOGAF® and SABSA® Integration
This paper by the Open Group, outlines an approach to enhance TOGAF enterprise architecture methodology using the SABSA security architecture approach Continue Reading
-
News
06 Jan 2012
The cyber-savvy CEO and growing cyber threats
This report from PwC explains why CEOs need to take the lead in protecting their organisations from the surge in cyber attacks. Continue Reading
-
Tip
19 Dec 2011
Segregation of duties: Small business best practices
Segregating duties can be tough in organisations that have few staff members and resources. Get duty segregation best practices for SMBs. Continue Reading
-
News
16 Dec 2011
CIOs must trade off innovation and maintenance in 2012
CIOs face major challenges in trading off stretched budgets between innovative projects and keeping the business running as usual in 2012. Continue Reading
-
News
13 Dec 2011
Special report on EMC
This 8-page special report from Computer Weekly, packed with graphs and diagrams, is essential reading for anyone considering EMC as a supplier. Continue Reading
-
News
12 Dec 2011
Cloud leaves many firewalls wanting – but could automation prove the silver bullet?
Most companies rely on firewalls, but the IT landscape is changing and so must approaches to security. Is there a silver bullet? Continue Reading
-
News
08 Dec 2011
Adobe to release out-of-cycle patch for latest vulnerability
Adobe has issued a security advisory about a newly discovered and still unpatched vulnerability in Adobe Reader and Adobe Acrobat which is being used in "limited, targeted attacks in the wild". Continue Reading
-
News
06 Dec 2011
Four things the 2012 CIO will need to focus on
As 2011 winds to a close, CIOs will already have turned their attention to 2012. What will you be doing? Continue Reading
-
News
05 Dec 2011
One in four IT security staff abuse admin rights, survey shows
At least one in four IT security staff use their privileged login rights to look at confidential information, a survey has revealed. Continue Reading
-
News
30 Nov 2011
United Nations Development Programme investigates hacking claims
The United Nations Development Programme (UNDP) is investigating claims from hacker group Team Poison that it extracted over 100 e-mail addresses and login details belonging to UN staff. Continue Reading
-
News
29 Nov 2011
Framework accelerates safety-critical defence systems development
Manufacturers and academics are collaborating in a 3.5 million project to create a software modelling framework that will speed up the development and certification of safety-critical systems used in aerospace and defence. Continue Reading
-
News
17 Nov 2011
Forensics key to effective info security, says E&Y
Intelligence-led security strategies are the most effective in eliminating vulnerabilities and preventing IP theft through enabling informed change, says consultancy firm Ernst & Young. Continue Reading
-
News
17 Nov 2011
IT security not always part of cloud decision, says IDC
Cloud adoption is outstripping security concerns, says Eric Domage, programme manager for IDC in Europe. Continue Reading
-
News
11 Nov 2011
EDF fined £1.3m for hacking into Greenpeace computers
A Paris court has fined French energy firm EDF £1.3m for hacking into Greenpeace computers to find out about the environmental group’s plans to block four planned nuclear power plants in the UK. Continue Reading
-
News
11 Nov 2011
The market landscape for print security
This report is gives an overview of the security risks of the print environment , the market landscape, best practices for a print security strategy. Continue Reading
-
Feature
08 Nov 2011
Quocirca: The market landscape for print security
This report by Quocirca analyst Louella Fernandes provides an overview of the inherent risks when operating an insecure print environment, best practice and the current market. Continue Reading
-
News
07 Nov 2011
Analysis: Intelligence key to security business case
Information security is becoming an increasingly important part of any business as the value of information assets continually grow, as do the threats from cyber crime and espionage. Continue Reading
-
Feature
02 Nov 2011
The consumerisation of IT: it’s a trickle, not a tide, but you still need to be ready
If media headlines and supplier claims are to be believed, organisations today are faced with an unstoppable tide of many different types of personal device connected to the corporate network Continue Reading
-
Feature
02 Nov 2011
The top five SME security challenges
Best practice in IT security and compliance for small and medium-sized enterprises (SMEs) is often seen as a "grudge purchase", but SMEs face the same threat as larger organisations - just without their budgets. Continue Reading
-
News
31 Oct 2011
Japan may be facing sustained cyber attack
Japan's mapping agency is the latest in a series of government agencies to be targeted by hackers, raising fears that the breaches are part of a series of sustained attacks. Continue Reading
-
News
10 Oct 2011
Symantec uses visual maps to identify e-mail-based targeted attacks
Symantec has developed a way of detecting targeted attacks through mapping e-mail patterns to identify single gang activity. Continue Reading
-
News
07 Oct 2011
85 sub-postmasters seek legal support in claims against Post Office computer system
Over 80 sub-postmasters are interested in taking legal action against the Post Office in relation to an allegedly faulty computer system. Continue Reading
-
News
06 Oct 2011
UBS systems detected $2bn rogue trader fraud, admits CEO Sergio Ermotti
UBS interim CEO Sergio Ermotti has admitted systems in the banks IT infrastructure detected the unauthorised trading of the rogue trader who cost UBS over $2bn, but nothing was done about the warning signals. Continue Reading
-
News
04 Oct 2011
Universal Credit deadline forced DWP to use “unproven” agile development
Tight deadlines left the Department for Work and Pensions with little choice but to use "unproven" agile methods to develop its £2bn Universal Credit (UC) system, said the Cabinet Office Major Projects Authority (MPA) in a confidential report obtained by Computer Weekly. Continue Reading
-
News
04 Oct 2011
GPU cracks six-character password in four seconds
A £30 nVidia GeForce GT220 graphics card is capable of cracking strong passwords in a matter of hours. Continue Reading
-
News
03 Oct 2011
Identifying the business value of SAM best practice frameworks and standards
Businesses are cautious when it comes to taking up best practice frameworks and standards that could help them manage their software assets more effectively. Continue Reading
-
News
29 Sep 2011
IBM signs £525m DWP contract to provide Universal Credit systems
The Department for Work and Pensions (DWP) has signed a seven-year contract with IBM worth £75m per year to provide systems, which will include the delivery of its flagship Universal Credit programme. Continue Reading
-
News
27 Sep 2011
How BP made its supplier ecosystem work
Oil and gas giant BP spent 65% of its $3bn annual IT budget with 3,000 suppliers in 2008, but now it outsources to only seven and has reduced its annual IT budget by $800m as a result. Continue Reading
-
Feature
26 Sep 2011
Self-encrypting drives: SED the best-kept secret in hard drive encryption security
The SED solves many common data loss problems and is easy to use and manage with minimal impact on system performance – yet relatively few businesses and governments use SEDs. Continue Reading
-
News
23 Sep 2011
Police IT not fit for purpose, police-led ICT company needs a lot of work, says Home Office report
A Home Office report into policing has labelled police IT as not being fit for purpose and made recommendations to shake up a mess of different IT systems across 43 forces which is hindering police attempts to fight crime. Continue Reading
-
News
23 Sep 2011
Anti-piracy group FAST applauds government business guide to navigating UK IP law
The government has published a guide to UK intellectual property law for businesses, providing information on IP policies; procurement of goods and services; reporting IP crime; and auditing IP. The Federation Against Software Theft (FAST) said it welcomed the initiative. Continue Reading
-
News
22 Sep 2011
Government pulls plug on ailing £11bn NHS IT programme
The troubled £11bn NHS National Programme for IT is to be axed, the government is expected to announce later today. Continue Reading
-
News
22 Sep 2011
Researchers claim to have broken SSL/TLS encryption
Two security researchers claim to have found a way of breaking the SSL/TLS encryption that is widely used to guarantee the reliability and privacy of data exchanged between web browsers and servers. Continue Reading
-
News
22 Sep 2011
SQL injection attacks increasing in number, sophistication and potency, researchers find
The prevalence and intensity of SQL injection attacks are increasing, according to Imperva. Continue Reading
-
News
21 Sep 2011
Gartner: Best defence against social media threats is monitoring and education
Blocking social media in the enterprise encourages bad behaviour by employees but does not prevent access, warns Gartner. Continue Reading
-
News
20 Sep 2011
Gartner: Keep encryption simple and standardised to cut cost and complexity
Businesses should consider self-encrypting drives (SEDs) for new installations that hold significant volumes of sensitive data, says Gartner. Continue Reading
-
News
19 Sep 2011
Defense in depth a dying philosophy: Eddie Schwartz
The approach to information security needs to evolve, says Edward Schwartz, CISO at RSA. Agility, dynamism, and fresh security paradigms a need of the hour. Continue Reading
-
News
15 Sep 2011
Cyber attacks are becoming lethal, warns US cyber commander
Cyber attacks are escalating from large-scale theft and disruption of computer operations to more lethal attacks that destroy systems and physical equipment, according to the head of the US Cyber Command. Continue Reading
-
News
14 Sep 2011
IT development underpinning Universal Credits comes under fire from MPs and experts
The delivery of Universal Credits is coming under fire as observers are casting an increasingly critical eye on the IT systems underpinning the politically sensitive project. Continue Reading
-
News
14 Sep 2011
Security update: Light Microsoft Patch Tuesday with low application impact plus critical Adobe fixes
Microsoft's September Patch Tuesday security update is relatively light with only five security updates. Continue Reading
-
News
13 Sep 2011
GlobalSign web certificate authority back online after breach by hacker
Belgian web certificate authority (CA) GlobalSign is back online after investigating claims by the hacker who breached the Dutch DigiNotar CA that its systems had also been breached. Continue Reading
-
News
08 Sep 2011
Web security certificate breach widens
GlobalSign, the fifth largest digital certificate issuer, has suspended the issuing of authentication certificates for websites after the DigiNotar hacker claimed to have breached its systems Continue Reading
-
News
08 Sep 2011
University challenge: using IT to improve services and reduce costs
Universities face a balancing act as they become increasingly expected to improve the experiences of more demanding students while making budgets go further, and IT is a critical tool in finding this balance. Continue Reading
-
News
08 Sep 2011
Nike+ problems demonstrate the risk of social media success
The rewards for creating a customer-focused online community are huge. But success comes at a price, as recent issues encountered by Nike's Nike+ running site illustrate. Matt Scott investigates. Continue Reading
-
News
07 Sep 2011
DigiNotar certificate authority breach: Why it matters
There has been much speculation around the identity and motive of the hacker who was able to breach DigiNotar and issue fraudulent digital certificates for hundreds of websites, but putting such speculation aside, what is the broader significance of the incident? Continue Reading
-
News
02 Sep 2011
ICO slams Scottish Children’s Reporter Administration for data breaches
The Information Commissioner's Office has criticised the Scottish Children's Reporter Administration for twice leaking sensitive personal information about young children in breach of the Data Protection Act. Continue Reading
-
News
30 Aug 2011
Orange restores broadband customers' e-mail account access but loses data
A problem with Orange e-mail – which locked out broadband customers – has been partly fixed as access to the accounts is restored, but weeks of e-mails may be lost. Continue Reading
-
News
30 Aug 2011
Facebook pays security bug bounty hunters $40,000 in three weeks
Facebook has revealed its security bug bounty initiative has paid out more than $40,000 in just three weeks – but has not revealed how many security vulnerabilities have been reported or how many have been fixed. Continue Reading
-
News
26 Aug 2011
Lack of soft skills training is curbing IT career progression
Employers are failing to provide IT professionals with the business... Continue Reading
-
News
23 Aug 2011
Why major IT projects are more likely to fail than any others
Major IT projects are 20 times more likely to fail than other business initiatives because project managers are ignoring unpredictable events, says a major research study by Oxford University. Continue Reading
-
News
22 Aug 2011
Failed IT projects demolish big businesses and executive careers, say researchers
IT projects spinning out of control in the public and private sector are ending the careers of senior executives and causing entire businesses to collapse. Continue Reading
-
Feature
19 Aug 2011
IT and marketing: working together for business success
The IT department builds things that scale and last, while marketing wants the next big thing - and needed it yesterday. How can heads of technology work effectively with marketing? Cliff Saran investigates Continue Reading
-
News
19 Aug 2011
What does HP's Autonomy acquisition mean for the UK tech sector?
HP's bombshell announcement that it is to acquire Autonomy has left many questioning where this leaves the UK software industry. Computer Weekly asks the experts what the deal means for UK home-grown tech talent and what HP is likely to achieve with the latest addition to its portfolio. Continue Reading
-
News
19 Aug 2011
Customers may think twice about HP as PC business looks uncertain
As HP announces a major shake-up of its product range and services, analysts warn customers could think twice about HP contracts as a result of uncertainty surrounding its PC business. Continue Reading
-
News
18 Aug 2011
NHS trusts already planning a way out of National Programme contracts
NHS trusts in the National Programme for IT's beleaguered southern region have already begun drafting specifications for systems that may replace those supplied under the controversial project. Continue Reading
-
Feature
16 Aug 2011
IPv6: The security risks to business
IT security professionals say the security holes that will open up in many business organisations as the world moves over to internet protocol version six (IPv6) constitute a substantial security concern Continue Reading
-
News
16 Aug 2011
Information Commissioner calls for more privacy improvements at Google
The Information Commissioner's Office says an audit at Google's London office shows the company has taken reasonable steps to improve its privacy policies, but could do more. Continue Reading
-
News
10 Aug 2011
Adobe issues security updates for Flash, Shockwave, Photoshop and RoboHelp
Adobe has issued fixes for vulnerabilities in Flash, Shockwave, Photoshop, RoboHelp and Flash Media Server in the latest security update. Continue Reading
-
News
09 Aug 2011
Ten-year-old hacker exposes exploitable flaws in Apple and Android games
A 10-year-old Californian hacker has exposed a new type of security vulnerability in many mobile games at a hacker conference in Las Vegas. Continue Reading
-
News
09 Aug 2011
Blackberry to co-operate with police after youths used BBM to organise riots
Research in Motion has said that it will co-operate with the police after it was revealed that London rioters used Blackberry Messenger rather than Twitter to organise looting sprees across the capital, with violence later spreading to Birmingham, Liverpool, Nottingham and Bristol. Continue Reading
-
News
08 Aug 2011
Customer data privacy program poised to roll out at Airtel
Airtel’s customer data privacy program will roll out in phases. With the pilot almost completed, Airtel is confident of meeting data privacy regulations. Continue Reading
-
Tip
08 Aug 2011
Best practices for audit, log review for IT security investigations
Device logs can be one of the most helpful tools infosec pros have, or they can be a huge waste of space. Continue Reading
-
News
08 Aug 2011
US standards body issues warning to energy suppliers over cyber attacks
A US energy industry standards body has warned suppliers to improve their defences against cyber attacks. Continue Reading
-
News
08 Aug 2011
Toxic National Programme for IT contracts to be housed under one body
Billions of pounds of toxic IT contract exposures at the Department for Health could be housed under one central unit, according to reports. Continue Reading
-
Tip
05 Aug 2011
NIST SP 800-30 standard for technical risk assessment: An evaluation
Risk assessment with NIST SP 800-30 focuses on securing IT infrastructure. Find out NIST SP 800-30 strengths, and learn how it differs from other standards. Continue Reading
-
News
02 Aug 2011
NHS trust forced to adopt National Programme patient records system or face £8.8m fine
An NHS trust was forced to buy care records software through the National Programme for IT or face the threat of an £8.8m fine - even though it had a longstanding supplier in place. Continue Reading