to help enterprise security across Europe
The resource centre for busy senior executives seeking the latest insights into IT Compliance & Privacy issues for major organizations
sarbaines oxley ofcom communications regulator
Latest Resources      data protection register
compliance resources privacy resource center

Breaking Global News
Global Compliance and Privacy News
- Breaking News, updated every 30 minutes
•   Compliance, Privacy and Security
•  Money Laundering
•  Phishing
•  Regulatory Issues
•  SOX, Basel 2, MiFID

You Tell Us:

We use SSL Technology for web data entry points:

What is SSL?

Are Smartphones Endangering Security? - Wick Hill
Dealing with Internet Security Threats - Ian Kilpatrick
How the New EU Rules on Data Export Affect Companies in and Outside the EU - Thomas Helbing
Farmers' Data Leak Highlights Old Technology Use - Wick Hill
Saving Money with SFTP - Wick Hill
UK Information Commissioner targets firm selling vetting data - Eversheds e80
12 Key Steps to Internet Security - Wick Hill
Telephone Monitoring Legality in the UK - Dechert
Firewall or UTM - Wick Hill
UK Information Commissioner demands mobile device encryption - Eversheds e80
Data loss - liability, reputation and mitigation of risk - Eversheds e80
Phorm, Webwise and OIX - BCS Security Forum
The challenges of PCI DSS compliance - Thales, Russell Fewing
"Quality" Data Vendor Spams us! Editor astounded!
National Gateway Security Survey 2008 - Wick Hill
Unified Threat Management - Watchguard Technologies

news archives
0 | 1 | 2 | 3 | 4 | 5 |
6 | 7 | 8 | 9 | 10 | 11 |
12 | 13
[What is this?]

Industry Blogs
Tim Berners Lee's Blog
Tim Callan's SSL Blog
Davis Wright Tremaine's Privacy & Security Law Blog
Emergent Chaos Blog
Michael Farnum's Blog
Phillip Hallam-Baker's Blog - The dotFuture Manifesto: Internet Crime, Web Services, Philosophy
Stuart King's Security and Risk Management Blog
David Lacey's IT Security Blog
Metasploit Official Blog
Jeff Pettorino's Security Convergence Blog
Jeff Richards's Demand Insights Blog
David Rowe's Risk ManagementBlog
Bruce Schneier's Security Blog
Larry Seltzer's Security Weblog
Mike Spinney's Private Communications Blog
Richard Steinnon's Threat Chaos Blog
The TechWeb Blog
Tim Trent's Marketing by Permission Blog
Rebecca Wong 's DP Thinker Blog

23 February Newsletter
Newsletter Archives are located in "News"

Industry Update
Internet Security Intelligence Briefing - November 2005
Find out the latest trends in e-commerce, web usage & the latest threats from adware/Spyware

Phorm, Webwise and OIX
- BCS Security Forum

'The Any Era has Arrived, and Everyione has Noticed' - Stratton Sclavos - VeriSign
Identity Security - Time to Share
Malicious code threats - iDefense
Public Alerts - updated as they happen from
Public Alerts - updated as they happen from Websense
Public Advisories - updated as they happen, from iDefense
Phoraging - Privacy invasion through the Semantic web: a special report by Mike Davies of VeriSign

Privacy Laws & Business International E-news, Issue 57
Privacy Laws & Business UNited Kingdom E-news, Issue 60

Security Reviews
February 2007 - VeriSign Security Review
The security review archive is here

Case Studies
Finance Industry
Case Study Example

A case study on a Finance industry company.

White Papers
VeriSign® Intelligent Infrastructure for Security
VeriSign® Intelligent Infrastructure: An Overview
Identity Protection Fraud Detection Service - description of the service
Life of a Threat - Video on Threat Management Lifecycle
Optimizing Enterprise Information Security Compliance - Dealing with all the audits
For a full list of all whitepapers, visit our Whitepaper library

Legal Notices
Privacy Policy
Terms of use

basel 2 sarbanes oxley
data controller notification binding corporate rules BCR data transfer third countries third part data transfer basel 2 regualtor regulation regulate FSA banking network security RSA encryptin algorithm Bits sacked bank staff
Blogs compliance Reports compliancy Legislation Data Protection Case Studies data privacy White Papers data protection act News information commissioner Events security standards Links information security iDefense
Retail Solutions

VeirSign Security Reviews

compliance and privacy

Current News Updates

VeriSign Security Review - December 2006

In this edition, learn about the 5 public blogs that VeriSign employees are using to facilitate communication and technology intelligence among customers, partners, and developers.VeriSign is responding to customer and industry needs every day and in November, VeriSign hosted several of their most influential customers at a Technical Advisory Council to discuss the state of security and the direction of future product offerings. On the international front, VeriSign participated in a keynote presentation at RSA Conference Europe on the topic of Internet Security and the importance of global industries sharing intelligence to better secure online transactions. Enjoy this last edition of 2006 and have a happy and safe holiday season.

In This Issue:

Hot Topics

Monthly Threat Summary

  • Microsoft's security update for November addresses a number of critical vulnerabilities, most notably in Internet Explorer 6.0, XML, and the Workstation service. Security experts believe the flaw in Workstation to be significant, as it would allow an attacker to remotely download malicious code on a targeted computer. VeriSign urges all customers to download all applicable patches as soon as possible.

News from VeriSign

  • VeriSign to Acquire inCode Wireless
  • WestCom and VeriSign Announce Strategic Alliance
  • U.S. Department of Education Turns to VeriSign for Meeting HSPD-12 Deadline

Security Events

  • January 8-11, 2007, International CES, Las Vegas, NV
  • January 14-17, PTC '07, Honolulu, HI
  • February 5-9, RSA Conference , San Francisco, CA

Hot Topics

F500 blogs more than double this year

Technorati's latest “State of the Blogosphere” report showed that of the total 57 million blogs that it is tracking, nearly 3 million were launched from July through September—an average of 100,000 new sites every day. Although traditional media sites continue to dominate the top 100 Web sites, blogs have mostly taken over the rest of the top 500 list. Corporations are realizing that blogging offers a viable, focused, and cost-efficient channel for corporate messaging. As of October 2006, 40 (or 8%) of the Fortune 500 companies were blogging, more than double the number in January 2006.  

VeriSign is among the frontrunners with five public blogs, featuring thought leaders in the field of IT and engineering. Phillip Hallam-Baker, who has his own blog here and on the VeriSign site, explains that blogs are an ideal channel for a certain type of technical information. “When you discover, for example, a loophole in a cryptography function, the last thing you want to do is create a press release to draw attention to it,” he explains. “Responding to those issues in a blog enables us to put out the information in a form that customers, prospects, and salespeople can access, without drawing unwelcome attention to the matter.”

Hallam-Baker sees blogs as a good way to communicate other types of information as well. “They're useful when we have a position or a stake in an issue, but don't have an immediate product or follow-through announcement. They're also a more efficient way of delivering conference presentation materials, without the time and expense of travel.” Like newsletters, blogs can add value for customers by updating them on the latest developments in standards and protocols, or decoding some new marketing term. 

In his VeriSign blog, Hallam-Baker promotes a different way of looking at security, based on accountability. “Traditionally, organizations had only a few assets to protect. Now, they have many more, but no single asset is worth much,” he says. “It no longer makes sense to prioritize asset protection, but to focus on authentication. I want to get readers thinking about stronger authentication, by building the case for accountability.” 

As for Hallam-Baker himself, his Web reading focuses on technical blogs and current affairs. “Technical blogs keep me up to date on what's going on in the field of security,” he explains. “Current events blogs help me anticipate and understand the pressures and opportunities that could impact the business environment. Both types of blogs help me stay on top of the latest developments, so I don't get blindsided.”

Back to Top

Third Annual TAC Helps Us Track Customers' Needs

At VeriSign, we believe the best leaders are often the best listeners. We're always listening to our customers and prospects, and once a year, we host an annual technical advisory council (TAC).  This year, our third TAC took place in November with 16 of our most influential customers from some of the world's top technology, security, financial, and retail companies.

In a series of intense, highly interactive working sessions, we probed for more information about their evolving needs. We told them our plans and our ideas, and they helped us set the direction for current and future security products and services. By the time the sessions concluded, we had validation for our short-term product roadmap, a wish list for longer-term enterprise security solutions, and some great ideas for new product offerings and partnerships. 

Now we're eagerly planning to leverage what we've learned. Last year's TAC was the inspiration for the development of our Security Risk Profiling product. This year's TAC—well, watch this space. And meanwhile, keep telling us what you think of our products, our services, and the challenges you face. We're listening—and with your help, we're leading.

Back to Top

VeriSign's Keynote on Identity Security at RSA Conference Europe 2006

When Nico Popp, Vice President for VeriSign Security Services, gave a keynote presentation on identity security at the RSA conference Europe 2006, more than 500 people packed the Nice Acropolis Exhibition Centre.   

This thought-provoking presentation, titled 'Identity Security: Time to Share' focused on the issues related to identity theft, online fraud, and phishing. Through presentation and demonstration, Popp provided insight into the concept of an identity network and the notion that the 'good guys' should be working on global and intelligent infrastructures that facilitate sharing of intelligence.

One of the most powerful parts of the presentation was a demo scenario, acted out by Andrew Horbury and Mike Davies. One played the part of 'Mr Goodguy,' an ordinary person who uses the Internet to gather information and make personal transactions, including purchases. The other played the part of ‘Mr Badguy,' intent on stealing Mr Goodguy's identity by launching a botnet attack. The scenario included demonstrations of the new High Assurance certificates on the Website of a bank account, the functionality of the VeriSign Identity Protection (VIP) fraud detection services behavioral engine, and the protection provided by using SMS challenge response over an OTP cell phone.  

Learn more about the VeriSign Identity Protection (VIP) suite of products .

Back to Top

Monthly Threat Summary

Microsoft's security update for November addresses a number of critical vulnerabilities in Microsoft products, most notably Internet Explorer 6.0, in XML and in the Workstation service. Security experts believe the flaw in Workstation to be significant, as it would allow an attacker to remotely download malicious code on a targeted computer. VeriSign urges all customers to download all applicable patches as soon as possible.

With recent high-profile mass arrests of prominent individuals in the online credit card fraud community, the FBI has succeeded in forcing many popular carding forums offline. However, carding forums have been disrupted by similar events over the past years and have staged dramatic comebacks.

The Stration worm (aka Warezov) continues to spread in massive numbers. It avoids anti-virus software by constantly downloading new variants of itself. Six hours after the worm downloads a Trojan horse program to an infected computer, the Trojan downloads a “spambot” that sends out massive amounts of advertisements.

A new study by Gartner Inc. claims that the number of people who have received phishing e-mails has almost doubled to 109 million, and financial losses due to phishing have risen to $2.8 billion. While fewer people are falling victim to phishing attacks than in 2005, the average reported loss per attack has nearly quintupled. Anti-phishing Web browsers are having some impact, but educating users remains the best way to combat phishing.

In other phishing-related news, PhishTank, an open-source repository for phishing attacks and related information, has released its first statistics analyzing its content . Companies seeking better protection from phishing attacks may also be interested in a recent report by SmartWare, a software testing company, claiming that the newest version of Mozilla's Firefox is more effective than Internet Explorer7.0 in protecting users from phishing attacks. For a useful news article about this report, see Brian Krebs' article in The Washington P ost.

Also, Google has admitted that three recent posts to its Google Video blog contained copies of the Kama Sutra worm. All subscribers should run anti-virus checks on their computers.

Back to Top

News from VeriSign

VeriSign to Acquire inCode Wireless 
VeriSign has signed a definitive agreement to acquire inCode Wireless, a global business and technology consulting firm. By combining inCode's strategic consulting services with VeriSign's market-leading portfolio of managed communications and content offerings, VeriSign plans to offer end-to-end solutions that enable customers to launch compelling services that drive new revenue streams and improve customer loyalty. Read the press release.

WestCom and VeriSign Announce Strategic Alliance 
WestCom Corp. and VeriSign announced a strategic alliance agreement to jointly market and deliver a suite of next-generation converged IP services to the global financial community. The alliance brings together one of the world's largest providers of trader voice services with the leading global provider of intelligent infrastructure services. Read the press release.

U.S. Department of Education Turns to VeriSign for Meeting HSPD-12 Deadline 
The U.S. Department of Education has chosen VeriSign's integrated authentication services to comply with Homeland Security Presidential Directive 12 (HSPD-12), the federal government's secure identity credentialing mandate. VeriSign will provide the government agency with an integrated, managed solution for rapid deployment and prompt compliance with the mandate.  Read the press release.

Back to Top

Web Seminar

Managed Security Services Panel Discussion
The managed security services marketplace is a confusing beast, because it includes so many diverse vendors. In this panel discussion, Paul Stamp, senior analyst from Forrester Research, poses questions and discusses issues surrounding managed security services with Scott Magrath, VeriSign director of product marketing, and colleagues from BT, Unisys, and Symantec.  This is a great opportunity to gain insight into these services, across the IT spectrum. 

Click here to register to download this podcast. 

Back to Top

Security Events

January 8-11, 2007 International CES, Las Vegas, NV
VeriSign will be exhibiting its Kontiki product at CES, the world's largest annual tradeshow for consumer technology. VeriSign Kontiki offers the industry's most secure and scalable digital media delivery solution, enabling enterprises and content providers to securely publish, deliver, and track digital media to employees, partners, and customers.

January 14-17, PTC '07, Honolulu, HI
PTC is the #1 Asia-Pacific international conference for telecommunications and ICT professionals.  Hard-hitting informative sessions will help prepare you to leverage new partnerships and remain competitive in an ever-changing marketplace. Don't miss the presentation by Sean Kent of VeriSign, Carrier-to-Carrier Enterprise Peering Made Easier, January 15, 1:30 p.m..

February 5-9, RSA Conference, San Francisco, CA
The RSA Conference is the unbiased resource thousands of information security professionals rely on for networking and knowledge sharing. It offers targeted classroom sessions, keynotes by industry luminaries, and a world-class exposition. If you're attending this year's show, please stop by VeriSign booth #1409. 

Back to Top


This site is independent of all its sources
The contents of the site are sourced from across the industry. All copyrights are acknowledged.