Revised standard will increase ISO 27001 certification audit fees

Banking malware targets UK high street banks

ISO/IEC 27006:2011, which details information technology security techniques and stipulates requirements for “bodies providing audit and certification of information security management systems” (ISMSs), is currently under review. The final draft of ISO/IEC 27006 was made available in June 2015 for final review and approval. The Standard details requirements for certification bodies related to the competence […]

HP report: 100% of smartwatches contain security vulnerabilities


Bad news for early adopters of smartwatches: a new report from HP Fortify (PDF) examining ten of the top smartwatches on the market found that every single one of them was subject to “specific vulnerabilities” associated with OWASP’s Internet of Things Top 10. HP doesn’t name the ten smartwatches it tested, but with so few […]

LinkedIn fixes phishing flaw

Kaspersky researcher Ido Naor reports that LinkedIn has now fixed a vulnerability originally identified last November that enabled “attackers to efficiently execute spear phishing campaigns, steal credentials and potentially gain remote control over selected victims without needing to resort to social engineering.” The flaw in LinkedIn’s notification system meant that malicious code could have been […]

Is it time small businesses considered ISO 27001?

While combating cyber threats is a challenge for all organisations, small businesses can find the experience particularly daunting and stressful. Small business owners are usually preoccupied with other tasks and responsibilities, and information security is hardly on their agenda. With research showing that 74% of small businesses fell victim to a data breach in 2014 […]

RESILIA™ – the cyber resilience best practice of the future?

Given the relatively low-key launch of RESILIA in June, it would be easy to dismiss this new cyber resilience best practice as just another one of those schemes or standards that you look at next year (or maybe never)! Published by AXELOS, RESILIA is a best-practice framework designed to build cyber resilience skills and knowledge […]

Car entertainment systems vulnerable to cyber attack


If your car has an on-board computer or entertainment system then you’ll want to read this… Leading information security organisation NCC Group has found out how to hack into car entertainment systems to take control of vehicles’ brakes, steering and other critical systems. These systems can be hacked by anyone who can find the car’s […]

New PCI DSS guidance: increased compliance and cost implications


The PCI DSS’s additional guidance (released in June 2015) on maintaining business-as-usual compliance will help organisations assess and document how they maintain PCI DSS compliance on an ongoing basis. This guidance underscores the PCI Security Standards Council (PCI SSC)’s commitment to “continuous compliance”, as highlighted in version 3.1. The new guidance, the Designated Entities Supplemental […]

How to prepare for PCI DSS compliance

Compliance with the Payment Card Industry Data Security Standard (PCI DSS) is notoriously complicated. The PCI DSS applies to merchants and service providers that process, transmit or store cardholder data. Merchants that have subcontracted all PCI DSS activities to a third party are still responsible for ensuring that all contracted parties comply with the Standard. […]