Security newsround: January 2019

We round up interesting research and reporting about security and privacy from around the web. This month: the security year in review, resilience on rails, incidents in depth, phishing hooks millennials, Internet of Threats, and CISOs climbing the corporate ladder. A look back at cybercrime in 2018: It wouldn’t be a new year’s email without […]
Health research and the issue of consent

By 30 April of this year, any organisation conducting health research in Ireland must either get consent to GDPR standard or else obtain a consent declaration. But in order to do the former, they need to know what explicit informed consent is (also known as GDPR-level consent). The problem is, a lot of people don’t […]
Embedding better security culture beyond awareness

Listening to Ira Winkler’s presentation at this year’s Irisscon conference, one of his comments struck a chord. “The right culture is that you don’t need a good security awareness programme because a new employee sees how everyone behaves, and they behave exactly like them,” he said. By way of example, he recalled an incident from […]
Nine for 2019: New Year tips for cybersecurity and privacy professionals

A new year is almost upon us, and that means one thing: resolutions. Easily made, even more easily broken, they’re nevertheless a useful way of setting goals for the next 12 months. We asked Brian Honan, Tracy Elliott, Sarah Clarke, Valerie Lyons and David Prendergast to share their tips for information security practitioners and privacy […]
Yule never believe it: we sleigh the myth about GDPR and Santa

So we’ve all seen the jokes on WhatsApp and Facebook about Santa’s lack of GDPR compliance and how this would all be changed for Christmas 2018. You know the one: He’s making a list / He’s checking it twice / He’s gonna find out who’s naughty or nice / Santa Claus is in contravention of article 4 of […]
Data protection impact assessments for health research: what’s changed under GDPR?

Since GDPR came into effect on 25 May this year, the health regulations have been updated to incorporate more stringent requirements around protecting personal information during healthcare research. The newly updated Health Research Regulations 2018 have raised the bar for carrying out a data protection impact assessment (DPIA). This post is the first in a […]
Security newsround: November 2018

We round up interesting research and reporting about security developments from around the web. This month: blaming the user (or not), passwords, protecting data and privacy, and security leadership (or the lack of it). The blame game: Who’s to blame when poor passwords lead to breaches? That was a matter for debate among the respected […]
Beyond governance, risk and compliance: privacy, ethics and trust

We are currently experiencing the fourth industrial revolution (FIR), characterised by a blurred fusion of all things physical, digital and genomic. Each revolution has been accompanied by a privacy legislation wave, linking its governance to the accelerating pace of change. So we find ourselves in the fourth privacy wave, where technological changes outpace regulation – […]
The value in vulnerability assessments: closing gaps to improve security

Vulnerability assessments usually involve using automated tools such as Nessus or Qualys to carry out a passive scan of an organisation’s systems. The process produces a list of security gaps and ranks them in order of risk. It gives an organisation clear data to guide the process of deciding which issues to prioritise first based […]
UK NCSC chief highlights resilience as key to better security

Here’s a question for security professionals to ponder: why are we only ever a few clicks away from disaster? It’s inspired by a recent presentation in Dublin by Ciaran Martin, CEO of the UK National Cyber Security Centre. On a visit to Dublin earlier this month, the UK’s cybersecurity chief stressed the importance of building […]