web-archive-uk.com


Archived domain: csriskmanagement.co.uk

Total: 259

  • CS Risk Management - CS InfoSec Blog
    Verify the legitimacy of the email by contacting the organization directly through a trusted contact number. Trusted contact information can be found on the Better Business Bureau National Charity Report Index. Refer to the Security Tip ST04-014 on Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. This product is provided subject to this Notification and this Privacy & Use policy. Source: US-CERT. This entry was posted in Threat Alerts and tagged Cyber Security on 30 April 2015 by Maritz Cloete.

    WordPress Releases Security Update. Original release date: April 23, 2015. WordPress 4.1.2 has been released to address multiple vulnerabilities, one of which could allow a site to be compromised by a remote attacker. WordPress 4.1.1 and earlier are affected by this vulnerability. US-CERT recommends users and administrators review the WordPress Security Release and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy. Source: US-CERT. This entry was posted in Threat Alerts and tagged Cyber Security on 23 April 2015 by Maritz Cloete.

    IC3 Warns of Cyber Attacks Focused on Law Enforcement and Public Officials. Original release date: April 21, 2015. The Internet Crime Complaint Center (IC3) has issued an alert warning that law enforcement personnel and public officials may be at an increased risk of cyber attacks. Doxing, the act of gathering and publishing individuals' personal information without permission, has been observed. Hacking collectives may exploit publicly available information identifying officers or officials, their employers and their families. These target groups should protect their online presence and exposure. Users are encouraged to review the IC3 Alert for details and refer to US-CERT Tip ST06-003 for information on staying safe on social network sites. This product is provided subject to this Notification and this Privacy & Use policy. Source: US-CERT. This entry was posted in Threat Alerts and tagged Cyber Security on 22 April 2015 by Maritz Cloete.

    UK courts can now impose unlimited DPA fines. Magistrates' courts are no longer limited to 5,000 fines for criminal offences under the DPA, following the entry into force of the Legal Aid, Sentencing and Punishment of Offenders Act 2012 (Fines on Summary Conviction) Regulations 2015 on 12th March 2015. The Regulations allow for an unlimited fine where individuals are convicted under the section 55 offence of obtaining or disclosing personal data without the consent of the data controller. The ICO has confirmed that it is conceivable for a Data Protection Officer to commit a criminal offence under section 55; DPOs caught breaching the rules therefore may find themselves liable to payment of a fine of a now uncapped amount. This entry was posted in Data Protection Act Compliance, Uncategorized and tagged Data Protection, DPA on 21 April 2015 by Maritz Cloete.

    PCI 3.1 released: SSL 3.0 and TLS 1.0 no longer good enough. A minor update to the PCI DSS standard was released by the PCI SSC earlier

    Original URL path: http://www.csriskmanagement.co.uk/blog/?author=1&paged=8 (2016-02-14)
    Open archived version from archive


  • CS Risk Management - CS InfoSec Blog
    OS X Yosemite v10.10 to v10.10.2; iOS 8.3 for iPhone 4s and later, iPod touch (5th generation) and later, and iPad 2 and later; Safari 8.0.5, Safari 7.1.5 and Safari 6.2.5 for OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5 and OS X Yosemite v10.10.2; Apple TV 7.2 for Apple TV (3rd generation) and later. US-CERT encourages users and administrators to review Apple security updates HT204659, HT204661, HT204658 and HT204662 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy. Source: US-CERT. This entry was posted in Threat Alerts and tagged Cyber Security on 8 April 2015 by Maritz Cloete.

    Vulnerabilities Identified in Network Time Protocol Daemon (ntpd). Original release date: April 08, 2015. The Network Time Foundation's NTP Project has released an update addressing multiple vulnerabilities in ntpd. Exploitation of these vulnerabilities may allow an attacker to conduct a man-in-the-middle attack or cause a denial of service condition. Users and administrators are encouraged to review Vulnerability Note VU#374268 for more information and update to NTP 4.2.8p2 if necessary. This product is provided subject to this Notification and this Privacy & Use policy. Source: US-CERT. This entry was posted in Threat Alerts and tagged Cyber Security on 8 April 2015 by Maritz Cloete.

    Amazon cloud contract terms meet EU standards on data transfers. Certain contract terms used by cloud provider Amazon Web Services have been deemed by the Luxembourg DPA to be a safe way of effecting international data transfers. The decision of the National Commission for Data Protection in Luxembourg, on behalf of the Article 29 Working Party, follows a similar endorsement given to Microsoft last year. The Luxembourg authority said that the approval will reduce the number of national authorisations businesses will need to obtain from EU DPAs for their transfers outside of the European Economic Area if contracting with AWS for the storage of that data. This entry was posted in Data Protection Act Compliance and tagged EU Data Regulation on 8 April 2015 by Maritz Cloete.

    IC3 Issues Alert for Fake Government Websites. Original release date: April 07, 2015. The Internet Crime Complaint Center (IC3) has released an alert that warns consumers of fraudulent government services websites that mimic legitimate ones. Scam operators lure consumers to these fraudulent websites in order to steal their personal identifiable information (PII) and collect fees for services that are never delivered. US-CERT encourages users to review the IC3 Alert for details and refer to the US-CERT Tip ST04-014 for information on social engineering and phishing attacks. This product is provided subject to this Notification and this Privacy & Use policy. Source: US-CERT. This entry was posted in Threat Alerts and tagged Cyber Security on 8 April 2015 by Maritz Cloete.

    IC3 Releases Alert on Web Site Defacements. Original release date: April 07, 2015. The Internet Crime Complaint

    Original URL path: http://www.csriskmanagement.co.uk/blog/?paged=9 (2016-02-14)
    Open archived version from archive

  • CS Risk Management - CS InfoSec Blog
    (Description identical to the preceding entry.)

    Original URL path: http://www.csriskmanagement.co.uk/blog/?author=1&paged=9 (2016-02-14)
    Open archived version from archive


  • CS Risk Management - CS InfoSec Blog
    The ICO has told UK businesses to sort out data protection right now, even though the new European Data Protection is only scheduled to come into force by 2017 at the earliest. "There is a lot going on in data protection that UK firms should be aware of besides the new EU data protection rules," deputy information commissioner David Smith told a Westminster eForum in London. Continue reading. This entry was posted in Cyber Security, Data Protection Act Compliance and tagged Data Protection on 23 March 2015 by Maritz Cloete.

    Mozilla Releases Security Updates for Firefox, Firefox ESR and SeaMonkey. Original release date: March 20, 2015. Last revised: March 23, 2015. The Mozilla Foundation has released security updates to address vulnerabilities in Firefox, Firefox ESR and SeaMonkey. Exploitation of these vulnerabilities may allow a remote attacker to take control of an affected system. Available updates include: Firefox 36.0.4, Firefox ESR 31.5.3, SeaMonkey 2.33.1. Users and administrators are encouraged to review the Security Advisories for Firefox, Firefox ESR and SeaMonkey and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy. Source: US-CERT. This entry was posted in Threat Alerts and tagged Cyber Security on 20 March 2015 by Maritz Cloete.

    TA15-051A: Lenovo Superfish Adware Vulnerable to HTTPS Spoofing. Original release date: February 20, 2015. Last revised: February 24, 2015. Systems Affected: Lenovo consumer PCs that have Superfish VisualDiscovery installed. Overview: Superfish adware installed on some Lenovo PCs install a non-unique trusted root certification authority (CA) certificate, allowing an attacker to spoof HTTPS traffic. Description: Starting in September 2014, Lenovo pre-installed Superfish VisualDiscovery spyware on some of their PCs. This software intercepts users' web traffic to provide targeted advertisements. In order to intercept encrypted connections (those using HTTPS), the software installs a trusted root CA certificate for Superfish. All browser-based encrypted traffic to the Internet is intercepted, decrypted and
    Source: US-CERT. This entry was posted in Threat Alerts and tagged Cyber Security on 20 February 2015 by Maritz Cloete.

    Benefiting from Cyber Essentials. This is a copy of an article we wrote that was published in the Cyber Security supplement of the New Statesman, 12-16 Feb 2015. Cyber security starts with addressing what you can predict and anticipating what you cannot. Cyber security risks are perceived to be unpredictable, a perception fed by media coverage of the latest major cyber attacks affecting large companies. However, if these attacks are examined more closely, more often than not the root cause of a successful attack was that cyber defences did not cover all vulnerabilities in the affected company's IT systems. Many cyber attackers opportunistically exploit commonly known vulnerabilities in weak IT systems. That means some incidents could have been predicted and avoided had the organisations in question taken steps to identify and address them. Continue reading. This entry was posted in Cyber Essentials and tagged cyber essentials, New Statesman on 11 February 2015 by

    Original URL path: http://www.csriskmanagement.co.uk/blog/?paged=10 (2016-02-14)
    Open archived version from archive

  • CS Risk Management - CS InfoSec Blog
    (Description identical to the preceding entry.)

    Original URL path: http://www.csriskmanagement.co.uk/blog/?author=1&paged=10 (2016-02-14)
    Open archived version from archive

  • CS Risk Management - CS InfoSec Blog
    of a breach to an organisation has almost doubled since the previous year. The average cost to a large organisation for the worst level of security breach is between 600k and 1.15m, up from 450 to 850k a year ago. The average cost to a small business for its worst security breach is between 65k and 115k, up from 35 to 65k a year ago. During the last year significant global brands have been impacted by information security attacks. These include Ebay, Target, Sony, Evernote and WordPress. According to the RSA monthly fraud reports, the UK is the 4th most attacked country by volume, after the United States, China and the Netherlands. In response to this growing threat the UK Government, in consultation with industry, launched the Cyber Essentials IT security standard in June 2014. Continue reading. This entry was posted in Cyber Essentials and tagged cyber essentials, cyber essentials plus on 10 November 2014 by Maritz Cloete.

    ISO27001: Working for your business. ISO/IEC27001:2013 is the international standard that provides a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an Information Security Management System (ISMS). As the fear of security issues increases in business, customers are looking for reassurance from companies, who are likewise seeking reassurance from their suppliers, that information security is being managed to ensure protection of their data. For many companies the solution to responding to these concerns is alignment with ISO27001. This article covers some of the key points we have found that will make ISO27001 work for your business. Continue reading. This entry was posted in ISO27001:2013 and tagged ISO/IEC27001:2013, ISO27000, ISO27001, ISO27001:2013 on 21 October 2014 by Maritz Cloete.

    Data leakage: this time it's personal. On almost a daily basis the media share stories of confidential information being disposed of in park bins, laptops being found in taxis and passwords being published on the internet. While this is undoubtedly concerning, the findings from a global security study on data leakage have revealed that the data loss resulting from employee behaviour poses a much more extensive threat than many IT professionals believe. Continue reading. This entry was posted in Cyber Security and tagged Data Leakage, Data Loss Prevention on 27 September 2014 by Maritz Cloete.

    Management Buy-in for ISO27001 Implementation: Overcome obstacles for Management Buy-In for Information Security. For any security plan to be effective, the co-operation of staff at all levels is essential. Achieving this is easier said than done, with other priorities and lack of communication often proving to be stubborn obstacles. To ensure staff buy-in, management must be seen to fully support an information security plan, and this can be a tough obstacle to overcome. Finding the best way to justify a security plan in the face of objections can be a challenge, but being prepared with the facts about the risks and benefits will be a big advantage. Continue reading. This entry was posted in ISO27001:2013 and tagged ISMS, ISO27001, Management

    Original URL path: http://www.csriskmanagement.co.uk/blog/?paged=11 (2016-02-14)
    Open archived version from archive

  • CS Risk Management - CS InfoSec Blog
    (Description identical to the preceding entry.)

    Original URL path: http://www.csriskmanagement.co.uk/blog/?author=1&paged=11 (2016-02-14)
    Open archived version from archive

  • CS Risk Management - CS InfoSec Blog
    fit in with the overall BC Strategy.

    More emphasis on top management commitment through greater leadership, enabling an environment of support and involvement in BCM. This will mean that management will need to commit more time and resources to ensuring they implement a BCM capability rather than going through a tick-box exercise.

    Greater emphasis on BCM system performance and metrics analysis and determining the effectiveness of your BCM System. This is reinforced by the requirement for permanent monitoring of the BCM System as well as periodic reviews to measure and improve its operation. This will mean that organisations will need to prove on an on-going basis the cyclical nature of the BCMS lifecycle, i.e. measuring the effectiveness of the BCMS against the BC Strategy and goals and providing proactive remediation where needed.

    There is recognition of more modern working practices, particularly relating to third party arrangements and the requirement for organisations to control and take responsibility for those activities which could affect their business. The standard requires that "Organisations shall control processes that are contracted out or outsourced". This will mean that organisations will have to be more proactive in their management of, and responsibility for, 3rd party service providers, ensuring that an appropriate level of due diligence and on-going audit and remediation takes place. You cannot pass responsibility to the 3rd parties.

    MTPD (Maximum tolerable period of disruption) and RTO (Recovery time objective) have been replaced with the following: "Setting prioritized timeframes for resuming these activities at a specified minimum acceptable level, taking into consideration the time within which the impacts of not resuming them would become unacceptable". In essence there is no change here apart from wording, which is part of the rationale for introducing the revised Management System Model. Organisations will still need to identify minimum recovery time requirements prioritized across all critical systems in a proper top-down way.

    BC Procedures (formerly 4.3 Developing and implementing a BCM Response) now has the following requirements: procedures need to be established to ensure interested parties are warned and communicated with; incident response must include a trigger point for invocation; each plan must include information which might have been previously stated collectively, i.e. each plan must be capable of standing alone. Organisations must make sure they include all interested parties in their incident communications, and an invocation trigger point must be decided and adhered to rather than making it an Incident Management Team responsibility. This reinforces the up-front planning and preparation noted in the first point. Additionally, each BC Plan must now contain enough information to be stand-alone rather than having core elements aggregated into one central plan overlay.

    So what are the practicalities if your organisation has already got certification to BS 25999-2? The first thing is that your accreditation body will need to transition to ISO 22301, and they have until May 2014 to do this. After that you will have 1 year to transition to ISO 22301 using

    Original URL path: http://www.csriskmanagement.co.uk/blog/?paged=12 (2016-02-14)
    Open archived version from archive

web-archive-uk.com, 2017-12-16