Editor's News

The Information Commissioner’s Office (ICO) is to deploy self assessment forms later this year.   Speaking at the launch of its 2013/2014 annual report this week, deputy chief executive officer Simon Simon Entwisle said it was “rolling out self assessment forms to help you look at your own compliance”.   He said: “People need to keep up to date with security, as it is not enough to say ‘we had some measures in place’; they...

Australian retailer Catch of the Day has reported that it suffered a security incident in 2011 which may have compromised encrypted (hashed) passwords and some credit card data. According to a statement posted on its Twitter feed but not available on its website, the retailer said that the “illegal cyber attack” occurred in 2011 and only affects users that were registered to the site prior to May 7th 2011. It said: “An illegal cyber attack in early 2011 saw hashed...

The development of the Cyber Essentials assessment standard was necessary after a call for standards did not offer anything “to make a practical difference and reduce the UK attack surface”.   Speaking at the IT Governance conference in London, Richard Bach, assistant director of cyber security at the Department of Business, Innovation and Skills, said that the concept came from the Cyber Security Strategy to “encourage industry-led standards and guidance” and after viewing 25 submitted...

The Cyber Essentials assessment has been described as a good starting point, but it should be seen as the bare minimum and not just an effort to meet Government contracting requirements. Speaking at IT Governance's conference in London, Alan Calder, founder and CEO at IT Governance, said that while he welcomed it, Cyber Essentials was only giving “the minimum level of implementation” but the benefits of implemnentation were survival as most companies do not deal...

GCHQ apparently worked on methods to increase website hits, send repeated text messages and find private pictures of targets on Facebook.   According to a release by whistleblower Edward Snowden, some of the schemes are listed as being operational while others are said to be still at the design, development or pilot stages. In a statement, GCHQ told BBC News that it was not at fault, and its policy was not to comment on intelligence...

Incident response is often an afterthought and responsibilities are often unclear.   Speaking to IT Security Guru, Christian Toon, head of information risk at Iron Mountain, said that with a quite significant technical data breach, it is often not clear where the responsibility lies.   He said: “There is a gap between intent and action, so organisations know they need to do something but they are not following it through; everyone is struggling regardless of...

The Information Commissioner’s Office (ICO) suffered a “non-trivial data security incident” within the last 12 months. In the same week that it released its 2013/2014 annual report, Information Commissioner Christopher Graham said that there was one “non-trivial data security incident” that was treated as a self-reported breach. He said: “It was investigated and treated no differently from similar incidents reported to us by others. We also conducted an internal investigation.” The ICO, which can levy...

An efficient Information Commissioner's Office (ICO) that is well prepared for the future with adequate power and funding is needed for the UK.   Speaking at the launch of its 2013/2014 report, which it titled as “effective, efficient and busier than ever”, Information Commissioner Christopher Graham said he felt that the ICO was “doing a good job if it was helping organisations understand and receive a fair and efficient response”.   Graham said that the...

The Information Commissioner's Office (ICO) has admitted that an increase in major breaches has led to an increase in amount of work had to be done during the year.   Speaking at the launch of the 2013/2014 report in London, deputy chief executive officer Simon Entwisle said that despite that, there had been an 8.5 per cent in the number of cases cleared in data protection cases as it worked with different organisations in different...

A third of organisations experienced more than two “significant” security incidents in the past year. The survey of 1,600 IT information security decision makers in organisations of more than 500 employees, conducted by ForeScout, found that while the majority of IT organisations were aware that some of their security measures were immature or ineffective, only 33 per cent had high confidence that their organisations will improve their less mature security controls. Also on aggregate, one...