If you ever wanted proof that website security is a major issue, or that hacking and cyber-attacks are a serious global problem, then you need look no further than the statement issued by Microsoft recently. Microsoft, the world’s largest software producer, has admitted that hackers have uploaded viruses and malware which can help them steal people’s personal data on to millions of new PCs and laptops. After an investigation the company revealed that it had found malware in counterfeit copies of Microsoft Windows which would allow hackers to remotely switch on and control devices like microphones and cameras on machines that were still factory-sealed.
Small firms face a greater cyber-security risk than their larger competitors
We often read headlines in newspapers declaring that UK businesses are suffering as many as 1,000 cyber-attacks an hour, but which businesses are most at risk from hackers? The majority of us would probably suspect that it is the largest organisations; after all they are more likely to have the most-valuable information that will prove to be attractive to hackers.
What exactly are the requirements of Payment Card Industry Data Security Standards (PCI DSS)?
Most businesses will be aware of the vital importance of spotting security vulnerabilities within their network and applications, and many will also be aware that they will need to carry out a network penetration test to help them comply with the Payment Card Industry Data Security Standard (PCIDSS) requirements. Understandably many SMBs will look to find the cheapest and quickest way to comply with the required standards. However, some businesses might be surprised to learn that the service they are paying for isn’t necessarily what they think it is. PCI DSS is explicit in its requirement that a penetration test has to be performed, but it is rather vague when it comes to explaining what methods need to be employed when performing testing.
Why is it important that Information Security Management Systems conform to ISO 27001?
The majority of organisations will generally now have a number of information security controls in place. However, without a formal Information Security Management System (ISMS), these controls tend to be somewhat disorganized, haphazard and disjointed.
The reason for this is that the controls have often been implemented partly as specific solutions for specific situations, or simply introduced as a matter of convention. Unfortunately, the security controls in operation today typically only address certain aspects of IT or data security, leaving non-IT information assets like paperwork and proprietary knowledge less protected and vulnerable. Sometimes business continuity planning and physical security might be managed independently of IT or information security, whilst Human Resources practices may not recognise the need to define and assign information security roles and responsibilities throughout the organization. The ISO 27001 standard was introduced to address these issues.
Deception protection: innovative technology that detects, tracks, profiles and prevents hackers in real-time
The security of both the critical national infrastructure and business interests is increasingly being threatened by cyber criminals. Terrorists, fraudsters, rogue states and individual activists are among the criminals who have been targeting computer systems in the UK over the last two years.
Walking through walls – Manchester 19th Feb 2013
Find out why your network firewall might not save you You are invited to attend a FREE Web Application Hacking Demonstration and discussion on Advanced Evasion Techniques (AETs) followed by lunch and a Security Q&A Session in:- Manchester on Tue 19th Feb 2013 11:00am Hacking and information theft are now big business. The major threat …
Deception Point 6th Feb 2013 – London
Find out how professional hackers are deceiving your network defences You are invited to attend a FREE seminar on how traditional network defences are being routinely breached by attackers. The presentations will include a web application hacking demonstration, discussions on Advanced Evasion Techniques (AETs), the increasing threat from DDoS attacks and the latest Intrusion Deception …
Deception Point 5th Feb 2013 – Manchester
Find out how professional hackers are deceiving your network defences You are invited to attend a FREE seminar on how traditional network defences are being routinely breached by attackers. The presentations will include a web application hacking demonstration, discussions on Advanced Evasion Techniques (AETs), the increasing threat from DDoS attacks and the latest Intrusion Deception …