web-archive-uk.com


Web directory, archive

Domain: csriskmanagement.co.uk

Total: 259
  • CS Risk Management - CS InfoSec Blog
    …reading. This entry was posted in PCI DSS Compliance and tagged Compliance, PA DSS, PCI DSS on 4 June 2015 by Maritz Cloete. PCI 3.1 released: SSL 3.0 and TLS 1.0 no longer good enough. A minor update to the PCI DSS standard was released by the PCI SSC earlier this week in the form of PCI DSS 3.1. Due to the vulnerabilities exposed in the recent POODLE and BEAST browser attacks, the standard no longer cites SSL 3.0 or TLS 1.0 as examples of strong cryptography. Continue reading. This entry was posted in PCI DSS Compliance and tagged PCI DSS, Risk Management on 17 April 2015 by Maritz Cloete.

    Original URL path: http://www.csriskmanagement.co.uk/blog/?cat=6 (2016-02-14)


  • CS Risk Management - CS InfoSec Blog

    Original URL path: http://www.csriskmanagement.co.uk/blog/?tag=compliance (2016-02-14)

  • CS Risk Management - CS InfoSec Blog

    Original URL path: http://www.csriskmanagement.co.uk/blog/?tag=padss (2016-02-14)


  • CS Risk Management - CS InfoSec Blog
    …the new standard is "create a formal risk mitigation and migration plan". This is quite interesting, as we all know risk management is a key part of managing information security, and this latest decision resurrects the old debate about security vs compliance: security is an everyday occurrence and compliance is a check-box exercise. In an ideal world organisations should be practicing active information risk management anyway, identifying and evaluating new threats and putting mitigation strategies in place to deal with them. PCI DSS should be a completeness check at the end, similar to Annex A in ISO27001. As the major PCI breaches have clearly shown in the last year, compliance with the standard does not mean you are by definition secure. So the message is clear, and to an extent it is starting to be reiterated by the PCI SSC itself: don't rely purely on PCI compliance as an indicator of the robustness of your security posture. Understand your environment and its weaknesses, keep your eyes and ears open to new threats, and put mitigating controls in place to deal with threats that pose a real risk to your business, regardless of whether it is mandated by any standard. The PCI DSS standard is by nature static, despite all the efforts to maintain it on a regular basis. Conversely, security threats are very, very dynamic. Relying on PCI compliance alone is like taking a knife to a gun fight. Ask Target. This entry was posted in PCI DSS Compliance and tagged PCI DSS, Risk Management on 17 April 2015 by Maritz Cloete.

    Original URL path: http://www.csriskmanagement.co.uk/blog/?p=199 (2016-02-14)

  • CS Risk Management - CS InfoSec Blog
    …0 no longer good enough. A minor update to the PCI DSS standard was released by the PCI SSC earlier this week in the form of PCI DSS 3.1. Due to the vulnerabilities exposed in the recent POODLE and BEAST browser attacks, the standard no longer cites SSL 3.0 or TLS 1.0 as examples of strong cryptography. Continue reading. This entry was posted in PCI DSS Compliance and tagged PCI DSS, Risk Management on 17 April 2015 by Maritz Cloete.

    Original URL path: http://www.csriskmanagement.co.uk/blog/?tag=risk-management (2016-02-14)

  • CS Risk Management - CS InfoSec Blog
    The decision of the National Commission for Data Protection in Luxembourg, on behalf of the Article 29 Working Party, follows a similar endorsement given to Microsoft last year. The Luxembourg authority said that the approval will reduce the number of national authorisations businesses will need to obtain from EU DPAs for their transfers outside of the European Economic Area if contracting with AWS for the storage of that data. This entry was posted in Data Protection Act Compliance and tagged EU Data Regulation on 8 April 2015 by Maritz Cloete.

    Original URL path: http://www.csriskmanagement.co.uk/blog/?p=164 (2016-02-14)

  • CS Risk Management - CS InfoSec Blog
    …is a threat of exposure to offensive web content via links contained in e-mails, posts and tweets. After reviewing these risks and benefits, there are several options available to businesses when considering the use of social networks: allow unrestricted access to social networking sites (providing employees with unrestricted access could boost morale; however, there is the potential for this access to be exploited); allow restricted access to specific sites and/or at specific times (allowing employees access to certain sites, perhaps those designed for business networking, or allowing access to personal sites only outside of business hours or during lunch); allow access to social networking sites only to those authorised to use a business profile (for example marketing teams who update the site with business-related information); block access to all non-business-related sites for all employees (only allow access to sanctioned business-related programs); and block internet access to all (this is an unlikely option, since many companies now use internet-based programs for day-to-day operations). Social Networking Policy: For those businesses that decide to use or allow access to social networking sites, it is crucial to implement and maintain a social networking policy. The policy will provide employees with guidance so that they are accountable for their actions. While specific components of the policy will vary dependent on the nature of the organisation and how they use social networking, there are several elements that should form the basis for any social media plan. Guidelines and Restrictions: It is important to establish a level of control that provides protection whilst allowing the informality that is the foundation of social networking. Business data should be classified so that employees are fully aware of what sensitive information is and what can and can't be mentioned on profiles or in posts. Also determine who is authorised to access corporate content and modify accounts on behalf of the company. Remember that mobile devices such as smartphones and tablet PCs are also at risk from hackers, so be sure to specify if employees are permitted to access social networking from these devices. Education and Training: Educating employees on the acceptable use of social media is essential to reducing the risks. Each employee represents the company, and a thoughtless tweet about a product launch or personnel change has the potential to damage reputations. Consider limiting the posting of corporate data unless authorised, and clearly state the consequences of failure to follow policy: disciplinary or dismissal procedures can be implemented for employees who violate policies. Although this may seem heavy-handed, prevention is always better than cure. Monitoring: Once a policy has been approved, it is important to monitor the activity relating to the business. Check the networks for the company or product name; find out what is being said. If customers are losing faith in the company, take the opportunity for promotion by addressing concerns. Failure to monitor on a regular basis could lead to loss of sales and damage to…

    Original URL path: http://www.csriskmanagement.co.uk/blog/?p=22 (2016-02-14)

  • CS Risk Management - CS InfoSec Blog
    …breached the remote access security controls, they were able to blend into the normal remote access traffic from other employees to maintain access to the target's network, which allowed them plenty of time to find other internal vulnerabilities to exploit. VPN logs were a telltale source of evidence: the source IP addresses of authenticated user sessions targeted by the attack would change quickly, switching between address blocks owned by distinct IP providers across separate geographies. However, not all companies actively monitor their remote access logs. Protecting your remote access points: Regular password expiry may provide some protection, but an attacker could still be on your systems for up to the duration of the expiry period, which means anything up to 180 days, the default setting on some Microsoft domain controllers. Your systems will be disrupted and your data will be long gone by that time. One relatively simple way to secure remote access is through employing two-factor authentication technology, as the compromise of static credentials such as usernames, passwords and certificates will not compromise the security of remote access into your corporate network. There are countless two-factor authentication solutions to choose from, including hardware-based solutions (e.g. RSA SecurID), software-based solutions (e.g. Google Authenticator) and mobile phone SMS-based solutions. Whether you do employ two-factor authentication or not, you still need to monitor your remote access logs for suspicious activity that may indicate a breach or breach attempt. This could include: high volumes of failed login attempts for specific user accounts; concurrent remote access sessions using the same credentials; unexpected remote connections from foreign locations, especially if you do not have staff that work from those locations; uncharacteristic remote log-ins outside of business hours; users with shorter than normal VPN connection times but…

    Original URL path: http://www.csriskmanagement.co.uk/blog/?p=247 (2016-02-14)





web-archive-uk.com, 2017-12-11