News - a Roundup of all News Items between July 2006 and August 2006, Newest First

 


An archive of all the news items between July 2006 and August 2006 on Compliance and Privacy




FFIEC Deadline Approaching for Financial Institutions

The Federal Financial Institutions Examination Council (FFIEC) Guideline requiring all financial institutions to outline a plan for, or begin implementation of, multi-factor authentication tools by the end of 2006 has many organizations scrambling to evaluate vendors and finalize plans. Throw into the mix the recent announcement that EMC is to acquire RSA, which adds to the confusion and frustration felt by institutions taxed with ongoing compliance decisions and deadlines.

View the 47 minute Webcast and also Download the White Paper


Monthly Threat Summary

Microsoft Corp.'s Security Bulletin set a record in terms of both the total number of vulnerabilities addressed and the number of vulnerabilities labeled as Critical (15 this month as opposed to 11 last month). Of these vulnerabilities, security experts consider MS06-040 to be the most critical, and it should be patched immediately.

Read the article


Baiting the hook

Back when Frank Abagnale Jr, subject of the film Catch Me If You Can, was on the run, being an international fraudster seemed to involve swanky hotels, beautiful women and staying one step ahead of the authorities. Nowadays things are a lot more ruthless. Modern phishers rely primarily on social engineering techniques to defraud their victims, exploiting their trust in order to breach security measures and steal customer details.

They use similar techniques to spammers in order to find their targets, harvesting names and addresses from computers infected with worms and viruses. Direct fraud losses from online phishing scams in the UK almost doubled in 2005 to £23.2 million, according to statistics from the Association for Payment Clearing Services (Apacs).

“Phishing has evolved. Phishing organisations are behaving like the marketing departments of large organisations. Just like you get targeted marketing from your supermarket, they're starting to target particular people,” says David Porter, head of security and risk at Detica.

This extract is from Financial Sector Technology and their copyright is acknowledged. For the full article please read on


Barclaycard clears Datanomic to help meet regulatory deadlines

Datanomic, the pioneers of integrated data quality management solutions, has been selected by Barclaycard to supply a software solution for screening clients against commercial Sanctions and PEP watch lists. The Datanomic dn:Match software will be installed at Barclaycard sites in the UK, North America and Africa. The first phase of this contract is operational with remaining phases due for completion before September.

Read the article


Cisco further blurs technology lines with video purchase

Cisco is slowly but surely moving from the server rooms to the living rooms with its latest gem: Arroyo Video, a software company which manages video-on-demand (VOD) services. Late last year, Cisco made a bold move by shelling out $6.9 billion to purchase Scientific-Atlanta (S-A) – the other half of the set-top box duopoly (with Motorola). These two investments and other incidental purchases along the way aim to fortify Cisco's position in the digital home.

Read the Article


IBM's acquisition of ISS supports convergence theories

Everybody was chanting “convergence” when Symantec joined forces with Veritas and then again when EMC united with RSA. IBM's gobbling up of Internet Security Systems (ISS) last week almost appears to be a self-fulfilling prophecy. ISS is a leader in network security and managed security products, of which MSS accounts for 20-25% of its total revenue.

Read the Article


Financial services firms overspend to meet new compliance laws

Almost half of financial institutions (49 per cent) are exceeding the expected cost of implementing compliance solutions, according to a study by PMP Research. The research shows 13 per cent of financial services firms have reacted to a wave of new compliance requirements by considerably exceeding their budget. The report shows that an effective technology strategy is a vital component of any solution to overspending. While 36 per cent of organisations have met their targets, none have come in under budget. The report shows 92 per cent of companies prefer to use in-house expertise as the main route to develop 'best practice' for governance and compliance. And 72 per cent source information from industry bodies, while only 62 per cent approach external consultants.

Read the Computing article


40% of Fraud Alerts Don't Propagate

We're highlighting this item from the Emergent Chaos blog which we carry:

Debix is reporting that 40% of fraud alerts don't propagate between all three major credit agencies. You remember those fraud alerts? They're supposed to protect you from identity theft, right? Well, let me let you in on a secret.

Identity theft is the best thing to happen to the credit agencies since the creation of the SSN.

Identity theft helps them sell more products, like identity verification tools, to their customers. It creates a new line of consumer business, people who will often happily pay them $10 a month to tell you what lies they're spreading about you.

Is it any wonder that the alerts don't propagate? Is it any wonder that they've been sitting on this knowledge?

I'm very excited about the emergence of companies like Debix, who are not responsible for the problem, but are helping us understand and fix it.


ID Security Company Finds Snags in Fraud Alert System

Consumer advocates have long complained that the fraud alert system mandated by Congress in 2003 as a consumer's first line of defense against identity theft does not always work properly. So a company seeking to enter the market for identity theft prevention services recently recruited 54 data security and privacy experts to test the system. They claim to have found some kinks, although the credit reporting agencies beg to differ. Julie Fergerson, vice president for emerging technologies at Debix, the company that produced the study, said that in 40 percent of the cases she examined, it appeared that fraud alerts had failed to put all the reporting agencies on notice to prevent new credit accounts, loans and other debts from being opened in a consumer's name without a verifying phone call from the creditor.

Read the New York Times Article


IBM to Acquire Internet Security Systems Inc.

ARMONK, NY and ATLANTA, GA – August 23, 2006: IBM (NYSE: IBM) and Internet Security Systems, Inc. (NASDAQ: ISSX) today announced the two companies have entered into a definitive agreement for IBM to acquire Internet Security Systems, Inc., a publicly held company based in Atlanta, Ga., in an all-cash transaction at a price of approximately $1.3 billion, or $28 per share. The acquisition is subject to Internet Security Systems, Inc. shareholder and regulatory approvals and other customary closing conditions. The transaction is expected to close in the fourth quarter of 2006.

Internet Security Systems (ISS) provides security solutions to thousands of the world's leading companies and governments, helping to proactively protect against internet threats across networks, desktops and servers. ISS software, appliances and services monitor and manage network vulnerabilities and exploits and rapidly respond in advance of potential threats. This acquisition advances IBM's strategy to utilize IT services, software and consulting expertise to automate labor-based processes into standardized, software-based services that help clients optimize and transform their businesses.

Read the Article


MiFID Connect to Influence MiFID implementation

A group of 11 UK trade associations have banded together to influence the way the European Union's Markets in Financial Instruments Directive (MiFID) is implemented following fears that City regulators could take an "overly stringent approach" to the new measures, says the FT.

According to the Financial Times report, the associations party to the "highly unusual co-operative effort" include the Association of British Insurers, the British Bankers' Association (BBA), the Investment Management Association (IMA) and the London Investment Banking Association (Liba).

MiFID, which takes effect in November 2007, has been finalised in Brussels but uncertainty remains over how the UK's Financial Services Authority (FSA) will interpret the directive.

The FT says the 11 financial trade associations, which have formed an entity called MiFID Connect, are lobbying to establish a "practical, cost-effective and market-sensitive policy" on the directive's implementation. They hired law firm Clifford Chance to compile a 'Mifid Survival Guide', which is on sale for £1100.

Read the article


The United Kingdom Data Protection (Processing of Sensitive Personal Data) Order 2006

The UK Data Protection (Processing of Sensitive Personal Data) Order 2006 sneaked onto the United Kingdom statute books without any great fanfare on 25 July 2006. It allows the Police to pass details of cautions and convictions relating to certain offences of viewing child pornography over the internet, to banks and card providers, so that they can cancel the credit/debit/charge cards that were used in purchasing such images.

Read the article


The 'Secure the Trust of Your Brand' survey: "security can have consequences for corporate brands".

In the U.S. last year, over 52 million account records were reportedly stolen or misplaced; in 2006, reports of security breaches continue.

In the light of this, 2,200 consumers were asked how corporate security practices affect their purchase patterns. Conducted by the Chief Marketing Officer (CMO) Council and the Business Performance Management (BPM) Forum, and underwritten by Symantec and Factiva, the survey found consumers are increasingly keeping tabs on corporate security news.

Approximately 90 percent of respondents said that security is a concern to them, and 50 percent said that they have recently become more concerned about security than before.


Symantec announces plans to exit the security appliance business

During the company's recent Q2 earnings call, Symantec CEO John Thompson confirmed that the company plans to exit the UTM (Unified Threat Management) security appliance business. "We've discontinued new hardware development on our network and gateway security appliances," he explained. "This will enable us to invest more in higher-growth areas, such as enterprise messaging and compliance-related markets."

In general, the move signals a continued change in focus following Symantec's purchase of Veritas.


Security Breaches - Around 80 per cent affected!

Two new surveys on security breaches have just been published, and they make difficult reading, particularly given the increasing tide of security breach legislation in the US and the activities of data protection officials in Europe.

The first, published by Deloitte, found that 78 per cent of the world's top 100 financial services organizations surveyed admitted to a security breach from outside the organization. In a similar survey in 2005 only 26 per cent admitted to having suffered a breach. The survey also found that nearly half of the organizations experienced at least one internal breach, up from 35 per cent in 2005. In response, 95 per cent of enterprises said their information security budgets have increased in the past year.

Read the article


Ad dishes up malware to more than 1M PCs

More than 1 million users of MySpace.com and other Web sites may have been infected with adware spread by a banner advertisement, according to iDefense, a computer security group, as reported in Computerworld.

The advertisement, for a site called deckoutyourdeck.com, appeared in user profiles on MySpace, an online community with at least 70 million users, said Ken Dunham, director of the rapid response team at iDefense, which is owned by VeriSign Inc.

The ad exploits a problem in the way Microsoft Corp.'s Internet Explorer browser handles Windows Metafile (WMF) image files.


Compliance and Privacy Newsletter - 27 July 2006

In this issue:

  • An Analysis of New Security Features Within Microsoft Vista and Internet Explorer 7 - iDefense Webcast
  • Emergent Chaos
  • What direction for RSA after EMC's takeover?
  • Ad dishes up malware to more than 1M PCs

Click Here for the Newsletter


What direction for RSA after EMC's takeover?

In an article in American Banker, RSA Security Inc. says its consumer online banking security business would not be changed after the vendor sells itself to the data storage company EMC Corp.

“RSA will continue to build and invest in this business, as both companies believe that the protection of online consumers’ identity is a burgeoning business that is just beginning to take off,” Art Coviello, RSA’s president and chief executive, said in a presentation to analysts after the deal was announced.

Joe Tucci, EMC’s chairman, president, and chief executive, said RSA’s customers should not worry that this plan would change its focus. He said he hopes to use RSA’s technology to improve his company’s data storage products.


Compliance and Privacy Newsletter - 13 July 2006

In this issue:

  • SWIFT accused of Privacy Breaches
  • Who Steals My Name
  • VeriSign Security Review for June 2006
  • Do you test on Live Data? It's illegal!
  • Tim Berners Lee's Blog
  • Voice-over-Internet Protocol Vulnerabilities - an iDefense Webcast
  • Webcast - How IE 7 and High Assurance SSL Certificates Will Impact Your Site
  • UK Information Commissioner issues Enforcement against b4usearch.com

Click Here for the Newsletter


Using RFID Technology to Fight Counterfeit Entertainment Products

In an RFID Journal article about the recent Entertainment Supply Chain Academy held in Los Angeles, it was reported that RFID technology vendors OATSystems, ADT, and VeriSign described different ways supply chain partners in the entertainment industry could deploy RFID to increase efficiencies and data accuracy. Paul Mackinaw, VeriSign's principal consultant, noted that movie studios and other producers of entertainment media could leverage RFID technology not just for improved supply chain operations, but also for authenticating products as a means of fighting counterfeits. It could also serve as a tool for ensuring that retailers introduce new titles to the sales floor on the appropriate release date, not before or after.


"Craigs List" lookalike for Global terrorism

U.S. intelligence agencies have begun monitoring a frightening new Web site that functions as a "Craig's List" for terrorists across the globe, according to the Washington Post.

In the past month, membership on the site has grown by 200 people a day, and it swelled to 10,322 in the days and weeks following the announcement that mystery man Abu Hamza al-Muhajir was named as the new leader of al Qaeda in Iraq.

A man with a similar name is listed as the administrator of the Web site, called Mohajroon.com, and his caricature pops up when outsiders try to access secret members-only sections, according to Andretta Summerville of the cyber security firm iDefense.

The Web site has been functioning as a one-stop shopping place for terrorists, wannabes and their supporters around the world and appears to serve as an important part of the support network for the murderous al Qaeda in Iraq, Summerville said.


Making the Web Secure

In an Investor's Business Daily article, Phillip Hallam-Baker, principal scientist for VeriSign, was asked how to make the Web secure. In an age of rampant identity theft, Phillip says some accountability measures are needed.

Phillip said, “If we're going to stop people from sending vast amounts of spam, there's got to be an accountability mechanism. We cannot practically hold individuals — 1 billion people — responsible. That would impinge on privacy and would be impractical. What we can do is hold the Internet service providers accountable who are providing those people with service. There's been a successful campaign to persuade Internet service providers to limit the amount of data an individual can put into the e-mail system. There's a clear difference between (sending) 300 e-mails an hour and a million an hour, which is what a botnet (a network of computers controlled by hackers) can be pumping out.”


VeriSign Announces Plan to Further Enhance .com and .net Constellation with Regional Internet Resolution Site in Bulgaria

Distributed Infrastructure to Provide Even Greater Security and Stability for Growing Number of Bulgarian Internet Users

VeriSign announced on 4th July 2006 a plan to enhance its global constellation of geographically-dispersed Internet Resolution Sites by installing and operating a Regional Internet Resolution Site in Sofia, Bulgaria. The announcement is another important step in VeriSign's effort to expand critical Internet infrastructure in regions of emerging growth. Once fully implemented, the site will improve Internet performance for the over 2 million Internet users in Bulgaria.


UK Information Commissioner Enforces against B4usearch.com

Web business b4usearch.com has fallen foul of Richard Thomas, the United Kingdom Information Commissioner, over the processing of personal data on its website. The Information Commissioner's Office (ICO) has ordered the website b4usearch.com to stop using personal information from electoral registers published before 2002, after finding the site in breach of the Data Protection Act. B4U is a company based in Birmingham in the UK.

Mick Gorrill, Head of Regulatory Action at the ICO, said: “We take breaches of the Data Protection Act very seriously. As this case demonstrates, we will take action against organisations that don't process personal information in line with the requirements of the Act and cause significant concern to individuals. People have an important right under the Data Protection Act to know that their personal information is sufficiently protected.”

Read the article


Live Data Testing is Illegal

“But it can't be. And anyway, we have rigorous security in place”. Regrettably, that is the attitude of many hard-pressed CIOs today. Business pressure demands speedy delivery of tested software, and live data tends to be the data with the “best” hidden gotchas, or so CIOs have always believed. But that doesn't make it lawful.

Starting with the stringent Data Protection regulations in the European Community, and spreading worldwide, the law says, very simply, that the individual whose data record is processed must know the purpose of the processing. And it goes on to say that you may not process that data for any additional purpose without the individual's consent.

Read the article


Who Steals My Name

It begins with a small theft. Someone breaks a car window, grabs a laptop computer lying on the back seat, and disappears into the darkness with the machine. Unfortunately, that laptop belongs to the global sales manager of your company. And now you - and she - have some big problems, because that laptop contains the ID and password used to access your company’s customer relationship management (CRM) system. This CRM system contains a lot of sensitive information, and none of it is encrypted. Among the sensitive information: a complete profile of your company’s customers around the world, the customers’ credit card numbers, and the customers’ passwords for your company’s ecommerce website.

This ACCA document covers what you need to do and to have in place to handle this emergency.


EMC to acquire RSA

All industries have periods of consolidation, but who would have thought that a storage giant would buy a security corporation? At Compliance and Privacy we have a huge interest in security, and we felt some perspective on the deal would be useful.

Read the article

 


This site is independent of all its sources
The contents of the site are sourced from across the industry. All copyrights are acknowledged.