to help enterprise security across Europe
The resource centre for busy senior executives seeking the latest insights into IT Compliance & Privacy issues for major organizations
 

White Papers Relevant to Compliance and Privacy


On this page you will find a growing range of white papers produced or sponsored by VeriSign. Please feel free to download these as often as you wish. New white papers are added on a regular basis.


VeriSign® Intelligent Infrastructure for the 21st Century

Throughout history, infrastructures for the transport of goods, services, and information (such as the rail system, electric utilities, air travel, and telephony) have had an enormous impact on society and the global economy. These infrastructures have helped to drive profound growth in productivity, incomes, and standards of living by reducing the barriers of time and distance and enabling people to interact, communicate, and conduct commerce in ways that were previously impossible.

This paper traces the development of such transport infrastructures, as well as the overlaid intelligent infrastructures (such as the telegraph, Supervisory Control and Data Acquisition systems, air traffic control, and telecom signaling systems) that have proven necessary for the transport infrastructures to reach their full potential. The authors use these historical examples to draw insights into the future development of the Internet and emerging digital infrastructures.

The authors observe that most transport infrastructures exhibit several common development trends. First, such infrastructures have traditionally taken about thirty years to build out. Second, at some point, generally ten years into deployment and broad-scale adoption, transport infrastructures reach a critical level of usage and complexity, requiring an overlay of intelligence for significantly improved communication, coordination, and fulfillment. The authors define the systems that provide this intelligence layer as “intelligent infrastructures.” Third, once the intelligent infrastructure is deployed, growth in the underlying transport infrastructure generally accelerates through an inflection point, laying the foundation for several additional decades of growth in both the transport infrastructure and the overall economy. These gains almost always dwarf the gains made prior to the introduction of the intelligence layer.

The authors then argue that we are about to reach a similar inflection point in the deployment of the emerging digital infrastructure. This is being driven both by the burgeoning usage of the infrastructure, and the corresponding issues of complexity associated with its broad adoption, including: a) the proliferation of applications, devices, and protocols; b) the use of the infrastructure for increasingly critical economic applications; c) the convergence of predecessor infrastructures; and d) a host of new security and regulatory concerns.

The authors then posit that as a result there is a need for significantly enhanced intelligent infrastructure and introduce six critical characteristics that the new intelligent infrastructure must exhibit: scalability, interoperability, adaptability, reliability, security, and visibility. The paper concludes with illustrations of the role that Intelligent Infrastructure Services are playing - and will continue to play - in enabling such new applications as Voice-over-IP (VoIP), Radio Frequency Identification (RFID)-enabled supply chains, and digital content delivery systems.

Download the whitepaper

  VeriSign® Intelligent Infrastructure for the 21st Century - a Point of View paper

VeriSign® Intelligent Infrastructure for Security

In the 21st century, online activity has increased exponentially, as organizations have grown increasingly reliant on the Internet for collaboration and commerce, and as people all over the world are accessing online services using a growing number of devices including PDAs and cell phones. However, this increased usage has been accompanied by a significant growth in the scope and complexity of network threats. To remain protected against these emerging, multifaceted threats, organizations cannot solely rely on individual point solutions, as ensuring their intercompatibility can be both costly and inefficient. In addition, organizations need extensive visibility into emerging threats, in order to prioritize remediation efforts, and they need to be able to use a wide variety of security credentials, such as tokens, smartcards, and certificates. This paper discusses the importance of leveraging intelligent infrastructure to provide security services that offer vigilant intelligence monitoring, robust threat prioritization, seamless interoperability, and the ability to immediately respond to crises 24/7.

Download the whitepaper

  VeriSign® Intelligent Infrastructure for Security

VeriSign® Intelligent Infrastructure: An Overview

We are living in an era defined by unprecedented access to information. People all over the world are accessing the Internet and corporate intranets via multiple desktop PCs, laptops, handheld computers, and cell phones. Organizations are exchanging critical information via increasingly sophisticated collaborative systems, and consumers are demanding immediate access to richer and richer content, including applications, games, music, videos, and images.

To serve this growing demand, enterprises, operators, publishing companies, and other organizations are relying on intelligent infrastructure services such as cross-platform mobile-content delivery platforms, multiple-credential authentication solutions, and realtime publishing tools, to mitigate the complexities of delivering digital services while garnering the greatest possible returns. Intelligent infrastructure services can enable important transactions, establish connections, protect data, and safely distribute critical information across myriad protocols and devices. In large part, the world’s most critical digital interactions rely on intelligent infrastructure services provided by VeriSign.

VeriSign operates intelligent infrastructure services that enable and protect billions of interactions every day across the world’s voice and data networks. With a strong heritage in operating Internet infrastructure, providing industry-proven security services, and delivering a full spectrum of communications solutions, VeriSign operates intelligent infrastructure services that can provide the necessary interoperability, scalability, and security to meet today’s unprecedented demand for information. In addition, VeriSign services are delivered by specialized teams of experts. VeriSign intelligent infrastructure services are supported by the following core components:

  • Global Registries
  • Extensive, Reliable Networks
  • Continuously Operated Data Centers

In this paper, we provide an overview of our intelligent infrastructure capabilities, describing how these components operate in tandem to support individual VeriSign intelligent infrastructure services. Because VeriSign is a rapidly growing company that is continuously expanding its services and infrastructure, what follows is not a comprehensive list; for the latest information, please visit www.verisign.com or consult a VeriSign representative directly.

In addition, VeriSign is continuously developing its services to enable new forms of digital transactions and address a rapidly changing technological landscape. We invite the reader to imagine new ways in which the components of our intelligent infrastructure can be integrated, and new uses for our intelligent infrastructure services.

Download the whitepaper

  VeriSign® Intelligent Infrastructure Overview

VeriSign® Identity Protection Fraud Detection Service

Identity theft and fraud are growing problems for Internet businesses, affecting the cost of doing business, heightening consumer concern, and inviting government regulation. In a 2003 survey, the Federal Trade Commission (FTC) estimated that identity theft and account fraud cost businesses an average of $10,200 per incident.

In 2005, the FTC found that 55% of all fraud originated from web sites or email. A recent survey of US households by Forrester Research showed that 36% of consumers have scaled back their purchase of goods and services online because of security concerns. Government regulations, such as the recent FFIEC guidance on Authentication in an Internet Banking Environment, which is aimed at US financial services companies, have put even more urgency around evaluating and adopting stronger authentication.

The best way to prevent identity theft and fraud is through a layered approach. A critical layer in this type of approach includes fraud detection – risk-based authentication.

Download the whitepaper

  VeriSign® Identity Protection Fraud Detection Service

The Life of a Threat - Video on Cyberthreat Management

Watch the Life of a Threat Video and learn how VeriSign® Managed Security Services (MSS) brings together the people, processes, technology, and intelligence to:

  • Proactively manage risk
  • Monitor compliance
  • Identify and mitigate security threats - in real time

By identifying and understanding security threats, VeriSign MSS is uniquely qualified to help you protect your business.

Select medium and watch this 6 minute video

  Life of a Threat

Optimizing Enterprise Information Security Compliance

Businesses are required to perform a number of annual audits and assessments, a number that is increasing at a dramatic rate. The information security requirements of these multiple audits are increasing as well, both in number and complexity. Such pressures incur costs as well, in terms of investments in the necessary technology, processes, and resources needed to comply with and support multiple audits. VeriSign® Global Security Consulting helps companies streamline their compliance and auditing efforts by reducing duplication of effort across multiple audits and by ensuring that companies properly prepare and organize documentation for quick and efficient compliance auditing. The consulting team leverages industry-leading experience and expertise and acts as a trusted advisor to build programs and processes specifically geared toward facilitating compliance with regulatory and partner requirements and to provide objective advice on security processes and technology. Using VeriSign Global Security Consulting services to optimize information security compliance and auditing, clients can minimize risk, focus on core business goals, and confidently pursue new business opportunities.

Download the "Optimizing Enterprise Information Security Compliance" White Paper


Strong Security on Multiple Server Environments

In today's businesses, electronic communication is a central part of the everyday flow of information, and privacy is a top priority. Whether your company conducts sales over the Internet or hosts a company-specific network, you want to know that your communications are safe from unauthorised interference.

For information exchange between servers and client browsers and server-to-server, load balancing devices and SSL accelerators, SSL Certificates from VeriSign, Inc. have become recognised as the bottom line in security. Working with the Secure Sockets Layer (SSL) protocol for encryption, SSL Certificates protect businesses against site spoofing, data corruption and repudiation of agreements. They assure customers that it is safe to submit personal information and provide colleagues with the trust they need to share sensitive business information.

Download the "Strong Security on Multiple Server Environments" White Paper

  Strong Security on Multiple Server Environments

Open Authentication:
A Vision for Strongly Authenticating All Users, All Devices, and All Applications Across All Networks

Although strong identity credentials are crucial to the continued growth and vitality of online business, the expense and complexity of strong authentication solutions frequently impede their adoption. To address this issue, a new vision for strong authentication has emerged. Based on the open authentication roadmap espoused by the Open Authentication (OATH) industry partnership, this vision calls for the creation of a common, open-standards-based authentication platform, where enterprises can authenticate all users, all devices and all networks, all the time. VeriSign has embraced this vision to help enterprises more freely cultivate new business opportunities, embrace advanced technologies, and move strategic processes online. Leveraging the dynamic strength of its infrastructure, technology, data and intelligence resources, VeriSign's coming generation of strong authentication services moves authentication to a “network services” architecture that promotes ubiquitous adoption of strong authentication by reducing complexity and lowering total cost of ownership.

Download the "Strong Authentication" White Paper


Preview Chapter from "Web Security 2005"

The book is not yet published, but we've been given permission by our sponsors to make a preview of one of the chapters available. Although it is still unedited, we have Suheil Shahryar's chapter here for you as a special preview.

2005 saw the most computer security breaches ever, subjecting millions of online users to potential identity fraud. According to a report published by USA Today on 29 December 2005, over 130 major intrusions exposed more than 55 million Americans to the growing variety of fraud as personal data like Social Security and credit card numbers were left unprotected. The US Treasury Department said that cyber crime has now outgrown illegal drug sales in annual proceeds, netting an estimated $105 billion in 2004.

In this chapter, we take a close look at the top threats and trends of 2005 and establish a forward look at 2006, including:

  • the evolution of Internet crime;
  • key security threats of 2005;
  • key security vulnerabilities of 2005;
  • the business of Internet criminals;
  • security concerns for 2006.

Download Suheil Shahryar's Special Preview chapter

 

Special preview chapter




How to Set Up a Secure eCommerce Site the Right Way

E-commerce has become an increasingly important and effective means to sell products and services. While there are many resources available that discuss the customer-facing aspects of e-commerce (e.g., Web site design, use of graphics, page layout, product presentation, promotion, etc.), this paper focuses on the back-end, behind-the-scenes, technology infrastructure-related requirements necessary for online merchants to:

  • allow customers to safely and securely place orders online
  • ensure that merchants reliably process orders and receive payment
  • communicate to customers that the entire process is safe and secure

In addition, this paper will describe the services that VeriSign offers to satisfy these requirements:

  • VeriSign® SSL Certificates
  • VeriSign® Payment Service
  • VeriSign® Commerce Site Services
  • VeriSign Secured™ Seal

To maintain topical continuity, the paper is organized to discuss a specific requirement, followed directly by a description of VeriSign’s products and services that address that requirement.

Download the "How to Set Up a Secure eCommerce Site the Right Way" White Paper

  How to Set up a Secure eCommerce Site

Network Vulnerability Testing

As electronic commerce, online business-to-business operations and global connectivity have become vital components of a successful business strategy, enterprises have adopted security processes and practices to protect information assets. Most companies work diligently to maintain an efficient, effective security policy, implementing the latest products and services to prevent fraud, vandalism, sabotage and denial-of-service (DoS) attacks. However, many enterprises overlook a key ingredient of a successful security policy: they do not test the network and security systems to ensure that they are working as expected.

Network-penetration testing - using tools and processes to scan the network environment for vulnerabilities - helps refine an enterprise’s security policy, identify vulnerabilities and ensure that the security implementation actually provides the protection that the enterprise requires and expects. Regularly performing penetration tests helps enterprises uncover network-security weaknesses that can lead to data or equipment being compromised or destroyed by exploits, Trojan horses, DoS attacks and other intrusions. (Definitions for many industry-related terms are provided in the glossary that follows.) Testing also exposes vulnerabilities that may be introduced by patches and updates or by misconfigurations on servers, routers and firewalls.

Download the "Network Vulnerability Testing" White Paper


Building an e-Commerce Trust Infrastructure

Businesses that can manage and process e-commerce transactions can gain a competitive edge by reaching a worldwide audience at very low cost. But the Web poses a unique set of trust issues, which businesses must address at the outset to minimise risk. Customers submit information and purchase goods or services via the Web only when they are confident that their personal information, such as credit card numbers and financial data, is secure.

The solution for businesses that are serious about e-commerce is to implement a complete e-commerce trust infrastructure. PKI cryptography and digital signature technology, applied via Secure Sockets Layer (SSL) digital certificates, provide the authentication, data integrity and privacy necessary for e-commerce. Internet payment gateway systems provide online merchants with the ability to efficiently and securely accept and process a variety of online payments from customers.

Download the "Building an e-Commerce Trust Infrastructure" White Paper


How to Offer the Strongest SSL Encryption

Most Web and network security professionals are aware of Secure Sockets Layer (SSL) Certificates and the critical part they play in a comprehensive Web security platform. Yet many of these same professionals have little or an incorrect understanding of an extremely important protocol within SSL, one with the potential to radically alter the level of protection offered to any given Web site’s visitors. That protocol is Server Gated Cryptography, or SGC. Using an SGC-enabled SSL Certificate increases the encryption level available to many site visitors and in fact ensures that Web site visitors will connect at 128-bit encryption, the strongest SSL encryption you can buy.

This technical paper details the effect that SGC has on the encryption levels your site can offer to visitors. You will learn which client systems connect at which encryption levels and how you can offer the strongest available encryption to all site visitors. You will also learn where to obtain SGC-enabled SSL Certificates for your Web site.

Download the "How to Offer the Strongest SSL Encryption" White Paper

  How to offer the strongest ssl encryption

VeriSign Secured™ Seal Research Review

Did you know that 83% of online shoppers are familiar with the VeriSign Secured™ Seal? And among these shoppers, more than 4 out of 5 say it's their preferred seal. Read what consumers have to say about the VeriSign Secured™ Seal.

Download the "VeriSign Secured™ Seal Research Review" White Paper

  Verisign Secured(tm) seal research review

"What Every E-Business Should Know about SSL Security and Consumer Trust"

VeriSign SSL Certificates protect e-commerce and other private information with 128-bit encryption, the strongest SSL protection available anywhere. Obtain your FREE guide, "What Every E-Business Should Know about SSL Security and Consumer Trust."

Download the "What Every E-Business Should Know about SSL Security and Consumer Trust" White Paper


"Why Enterprises Outsource Network Security"

This comprehensive white paper provides readers with information to help guide them through the due-diligence process of evaluating in-house versus outsourcing options and how to choose the right MSSP partner.

The paper is sponsored by VeriSign and written by Michael Suby of Stratecast Partners (a division of Frost & Sullivan).

Download the "Why Enterprises Outsource Network Security" White Paper
  Frost & Sullivan MSS Enterprises Outsource Network Security

Intelligence and Control℠ Services

The rise of the Internet has brought with it both unprecedented promise and unprecedented peril. Despite substantial investment in security products, loss from security threats and vulnerabilities continues to climb. To fully benefit from the promise of the Internet and other technology advancements, enterprises are facing a strategic dilemma in a business environment that requires being both more open and more secure, while dealing with increasing cost, compliance, and complexity issues. This White Paper, from VeriSign, explains these complex issues and what they mean for your organisation.

Download the Intelligence and Control White Paper



 


This site is independent of all its sources
The contents of the site are sourced from across the industry. All copyrights are acknowledged.