Regulatory compliance and standard requirements

News 21 May 2024
Parliamentary committee criticises big tech response to election threats

Parliamentary committee says tech companies ‘regurgitated publicly available content’ and failed to address questions raised by MPs and peers Continue Reading
News 21 May 2024
The Security Interviews: What is the real cyber threat from China?

Former NCSC boss Ciaran Martin talks about nation-state attacks, why the UK has become so exercised about cyber espionage, and how our leaders are in danger of misunderstanding their adversaries Continue Reading

News 03 Jun 2024

AI Seoul Summit review

Dozens of governments and tech companies attending the second global AI Safety Summit have committed themselves to the safe and inclusive development of the technology, but questions remain around whether the commitments made go far enough Continue Reading
News 02 Jun 2024

Ticketek Australia hit by data breach

Customer names, dates of birth and email addresses of Ticketek Australia account holders reportedly impacted in latest data breach affecting event ticketing firm Continue Reading
News 31 May 2024

Law student ‘unfairly disciplined’ after reporting data breach blunder

A law student has accused a leading legal college of unethical behaviour and a “lack of integrity” after it brought misconduct proceedings against him when he reported a data security blunder Continue Reading
Opinion 29 May 2024

How to avoid joining the Dead Java Code Society

Unused or dead Java code is bogging down software engineers and developers, causing weird dependencies and security risks. Eric Costlow of Azul shares some advice on how to avoid becoming a member of a rather unpleasant club Continue Reading
Opinion 29 May 2024

AI governance needs global approach

Doreen Bogdan-Martin, Secretary-General of the UN agency, International Telecommunication Union (ITU) argues that AI governance needs a world-wide approach Continue Reading
News 28 May 2024

Executive Interview: Why Dell wants to be your one-stop AI shop

At Dell Technologies World in Las Vegas, artificial intelligence was the talk of the town as Dell staked out an all-encompassing strategy ahead of an anticipated goldrush. Dell’s Nick Brackney explains why the tech giant believes it's onto a winner Continue Reading
News 23 May 2024

Northern Ireland police face £750,000 fine after data protection blunder put lives at risks

Information commissioner John Edwards uses discretion to reduce proposed fine from £5.6m to £750,000 Continue Reading
News 23 May 2024

Munich Re sees strong growth in AI insurance

Global reinsurance giant Munich Re expects more demand for AI insurance from organisations that are looking to manage the risks of AI as they experiment more with the technology Continue Reading
News 21 May 2024

Parliamentary committee criticises big tech response to election threats

Parliamentary committee says tech companies ‘regurgitated publicly available content’ and failed to address questions raised by MPs and peers Continue Reading
News 21 May 2024

The Security Interviews: What is the real cyber threat from China?

Former NCSC boss Ciaran Martin talks about nation-state attacks, why the UK has become so exercised about cyber espionage, and how our leaders are in danger of misunderstanding their adversaries Continue Reading
News 20 May 2024

WikiLeaks founder Julian Assange granted appeal

Two high court judges granted WikiLeaks founder Julian Assange leave to appeal against extradition to the US after defence lawyers argued that the US had failed to give adequate assurances Continue Reading
News 17 May 2024

Why the UK needs to fix its broken IT security market

Ollie Whitehouse, CTO of GCHQ’s National Cyber Security Centre, says the market for secure software is broken. Are new laws required to make software companies liable for poor security? Continue Reading
News 15 May 2024

Cyber Safety Force wants to change conversation around risk

A consortium to help cyber pros better manage risk has launched, with ambitious goals to change the nature of the conversation from cyber security to cyber safety Continue Reading
News 15 May 2024

WikiLeaks founder’s extradition case labelled ‘institutional corruption’

Call for Julian Assange to be prosecuted in the US has been condemned as ‘institutional corruption on a judicial level’ with the WikiLeaks founder a ‘political prisoner’ Continue Reading
News 14 May 2024

CyberUK 24: UK insurance industry gets tough on ransomware

Three of the UK’s largest insurance associations have signed on to a new initiative spearheaded by the NCSC to try to bring down the number of ransomware payments being made Continue Reading
News 10 May 2024

Over 5.3 billion data records exposed in April 2024

The number of data records breached in April 2024 hit over five billion, a staggering year-on-year increase Continue Reading
News 09 May 2024

Cyber attack victims need to speak up, says ICO

The Information Commissioner’s Office is urging organisations to be transparent and learn from each other’s mistakes as it reveals most of the cyber attacks it responds to stem from the same core errors Continue Reading
Opinion 09 May 2024

Enhance identity controls before banning ransomware payments

In the wake of renewed calls for lawmakers to consider enacting legal bans on ransomware payments, the Computer Weekly Security Think Tank weighs in to share their thoughts on how to tackle the scourge for good. Continue Reading
News 09 May 2024

Ofcom publishes draft online child safety rules for tech firms

In the draft codes, Ofcom calls on technology firms to use ‘robust’ age-checking and content moderation systems to keep harmful material away from children online Continue Reading
News 08 May 2024

Police accessed phone records of ‘trouble-making journalists’

The Police Service of Northern Ireland ran a rolling programme to monitor phone records of journalists to identify the source of police leaks, it was claimed today Continue Reading
Opinion 07 May 2024

Government plans to scan bank accounts of disabled people will lead to another scandal

The government is sleepwalking into another scandal as it pushes plans for ‘bank scanning’ algorithms to monitor bank accounts of disabled people Continue Reading
News 03 May 2024

Patch GitLab vuln without delay, users warned

The addition of a serious vulnerability in the GitLab open source platform to CISA’s KEV catalogue prompts a flurry of concern Continue Reading
News 03 May 2024

EU calls out Fancy Bear over attacks on Czech, German governments

The European Union, alongside member states Czechia and Germany, have accused Russian government APT Fancy Bear of being behind a series of attacks on political parties and government bodies Continue Reading
Definition 02 May 2024

document sanitization

Document sanitization is the process of cleaning a document to ensure that only the intended information can be accessed from it. Continue Reading
News 02 May 2024

NCSC updates warning over hacktivist threat to CNI

The NCSC and CISA have warned about the evolving threat from Russia-backed hacktivist threat actors targeting critical national infrastructure, after a number of American utilities were attacked Continue Reading
News 02 May 2024

Dropbox Sign user information accessed in data breach

Account data belonging to Dropbox Sign users was accessed by an unknown threat actor after they hacked into the organisation’s backend infrastructure Continue Reading
News 02 May 2024

Ukrainian national sentenced over REvil ransomware spree

A 24-year-old Ukrainian man has been sentenced to more than 13 years in prison after being convicted of his role in the REvil ransomware attacks Continue Reading
Definition 02 May 2024

What is PCI DSS (Payment Card Industry Data Security Standard)?

The Payment Card Industry Data Security Standard (PCI DSS) is a widely accepted set of policies and procedures intended to optimize the security of credit, debit and cash card transactions and protect cardholders against misuse of their personal information. Continue Reading
News 02 May 2024

BBC instructs lawyers over allegations of police surveillance of journalist

Lawyers for the BBC have written to the Investigatory Powers Tribunal over allegations that the Police Service of Northern Ireland spied on investigative journalist Vincent Kearney Continue Reading
News 01 May 2024

EMEA CISOs must address human factors behind cyber incidents

The 17th annual Verizon report on data breaches makes for sobering reading for security pros, urging them to do more to address the human factors involved in cyber incidents, and highlighting ongoing issues with zero-day patching Continue Reading
Opinion 01 May 2024

Better hygiene may mitigate the need to ban ransomware payments

In the wake of renewed calls for lawmakers to consider enacting legal bans on ransomware payments, the Computer Weekly Security Think Tank weighs in to share their thoughts on how to tackle the scourge for good. Continue Reading
News 01 May 2024

Australia’s Qantas apologises for mobile app data breach

Australian flag carrier Qantas has apologised after a glitch in its mobile application temporarily enabled some customers to view the flights and booking details of other frequent fliers on two separate occasions Continue Reading
News 01 May 2024

DWP anti-fraud measures will allow monitoring of bank accounts of landlords, carers and parents

Parliamentarians raise concerns that a proposed law to require banks to monitor the accounts of millions of people receiving state benefits could lead to those on welfare being denied accommodation or bank accounts Continue Reading
News 01 May 2024

Autonomous weapons reduce moral agency and devalue human life

Military technology experts gathered in Vienna have warned about the detrimental psychological effects of AI-powered weapons, arguing that implementing systems of algorithmic-enabled killing dehumanises both the user and the target Continue Reading
Definition 01 May 2024

Federal Information Security Modernization Act (FISMA)

): The Federal Information Security Modernization Act (FISMA) is United States legislation that defines a framework of guidelines and security standards to protect government information technology operations from cyberthreats. Continue Reading
News 30 Apr 2024

Persistent data breaches deny people with HIV dignity and privacy

The ICO has urged charities and healthcare organisations that work with people living with HIV to do better when it comes to protecting their personal data, after the HIV status of more than 100 people was accidentally disclosed by London’s Central YMCA Continue Reading
News 30 Apr 2024

Global majority united on multilateral regulation of AI weapons

Foreign ministers and civil society representatives say that multilateralism is key to controlling the proliferation and use of AI-powered autonomous weapons, but that a small number of powerful countries are holding back progress Continue Reading
Opinion 29 Apr 2024

Ransomware payment bans need universal buy-in

In the wake of renewed calls for lawmakers to consider enacting legal bans on ransomware payments, the Computer Weekly Security Think Tank weighs in to share their thoughts on how to tackle the scourge for good. Continue Reading
News 29 Apr 2024

UK’s long-awaited device security law kicks in

The Product Security and Telecommunications Infrastructure Act has become law across the UK, enforcing basic cyber security standards across connected products sold to the public Continue Reading
Opinion 26 Apr 2024

Security Think Tank: Maybe let's negotiate with terrorists

In the wake of renewed calls for lawmakers to consider enacting legal bans on ransomware payments, the Computer Weekly Security Think Tank weighs in to share their thoughts on how to tackle the scourge for good. Continue Reading
News 25 Apr 2024

Progress being made on gender diversity in cyber

Women make up a higher percentage of new entrants to the cyber security profession, particularly among younger age groups, and are increasingly taking up leadership positions and hiring roles, but challenges still persist Continue Reading
News 24 Apr 2024

Mandatory MFA pays off for GitHub and OSS community

Mandating multifactor authentication for select developers has been a huge success for GitHub, the platform reports, and now it wants to go further Continue Reading
News 24 Apr 2024

TikTok ban sails through US Senate

A law that will ban TikTok in the US unless its owner sells up pronto passed the US Senate by a landslide majority after being included in a package of military aid Continue Reading
News 24 Apr 2024

Education will be key to good AI regulation: A view from the USA

Computer Weekly sat down with Salesforce’s vice-president of federal government affairs, Hugh Gamble, to find out how the US is forging a path towards AI regulation, and how things look from Capitol Hill Continue Reading
Opinion 23 Apr 2024

Security Think Tank: Cyber sector, you have failed this community

In the wake of renewed calls for lawmakers to consider enacting legal bans on ransomware payments, the Computer Weekly Security Think Tank weighs in to share their thoughts on how to tackle the scourge for good. Continue Reading
Opinion 23 Apr 2024

Questions for IT and cyber leaders from the CSRB Microsoft report

The US government's CSRB report on last year's state sponsored cyber attacks on Microsoft raises significant concerns for Redmond and its customers. Expert Owen Sayers outlines five key questions IT and cyber security leaders should now consider Continue Reading
News 22 Apr 2024

Former Sellafield consultant claims the nuclear complex tampered with evidence

Whistleblower Alison McDermott claims former employer Sellafield tampered with metadata in letters used in evidence during an employment tribunal Continue Reading
News 22 Apr 2024

Digital Edge punching above its weight in Asia datacentre market

Fast-growing datacentre provider Digital Edge is eyeing business from hyperscalers and counting on its strengths in datacentre operations and local partnerships to stand out from rivals Continue Reading
News 22 Apr 2024

IT leaders hiring CISOs aplenty, but don’t fully understand the role

Most businesses now have a CISO, but perceptions of what CISOs are supposed to do, and confusion over the value they offer, may be holding back harmonious relations, according to a report Continue Reading
News 21 Apr 2024

Crime agency criticises Meta as European police chiefs call for curbs on end-to-end encryption

Law enforcement agencies step up demands for ‘lawful access’ to encrypted communications Continue Reading
News 19 Apr 2024

Report reveals Northern Ireland police put up to 18 journalists and lawyers under surveillance

Disclosures that the Police Service of Northern Ireland obtained phone communications data from journalists and lawyers leads to renewed calls for inquiry Continue Reading
News 18 Apr 2024

CSA warns of emerging security risks with cloud and AI

Few users appreciate the security risks of cloud and have the expertise to implement the complex security controls, says CSA chief executive David Koh Continue Reading
Opinion 18 Apr 2024

Security Think Tank: Approaches to ransomware need a course correction

In the wake of renewed calls for lawmakers to consider enacting legal bans on ransomware payments, the Computer Weekly Security Think Tank weighs in to share their thoughts on how to tackle the scourge for good. Continue Reading
News 18 Apr 2024

TUC publishes legislative proposal to protect workers from AI

Proposed bill for regulating artificial intelligence in the UK seeks to translate well-meaning principles and values into concrete rights and obligations that protect workers from systems that make ‘high-risk’ decisions about them Continue Reading
News 16 Apr 2024

CW Innovation Awards: Balancing security and user experience

The National University of Singapore’s Safe initiative has strengthened the security of IT systems and end-user devices while prioritising user experience through passwordless access Continue Reading
Opinion 16 Apr 2024

2024 election security: Confronting disinformation and deepfakes

Although disinformation and deepfakes are a threat to electoral integrity, we already have ways to counter emerging threats and there is an opportunity is to adapt and scale these approaches to counter the challenge to democracy, writes Saj Huq. Continue Reading
News 15 Apr 2024

EU’s AI Act fails to protect the rule of law and civic space

Analysis reveals that the AI Act is ‘riddled with far-reaching exceptions’ and its measures to protect fundamental rights are insufficient Continue Reading
Feature 12 Apr 2024

5G networks and biometric breakthroughs: Navigating opportunities and risks

Businesses are quickly adopting 5G to introduce advanced security features such as facial recognition, but while these technologies improve safety and ease of use, they also raise concerns about how sensitive biometric information is gathered and may be misused Continue Reading
News 12 Apr 2024

Executive interview: Balancing AI with human creativity

We speak to the chief product officer at Getty Images and iStock about the role generative AI can play in the image-making process. Continue Reading
Feature 12 Apr 2024

European Digital Identity Wallet: One ID for EU citizens

The European Digital Identity Wallet is a personal digital wallet with which you will be able to identify yourself digitally in the future. Is this the solution for a centralised ID? Continue Reading
News 09 Apr 2024

UK plc failing on multiple cyber measures

Government report shows 50% of businesses and 32% of charities reported a cyber attack or breach in the past 12 months and organisations across the UK are failing on multiple cyber measures Continue Reading
News 09 Apr 2024

Is a cyber arms control treaty out of reach?

The world needs cyber arms control more than ever, but the challenges facing a multilateral agreement will be hard to surmount, according to researchers at Germany’s Digital Society Institute Continue Reading
News 09 Apr 2024

Greek government fined over AI surveillance in refugee camps

Greece’s Data Protection Authority has issued a €175,000 fine against the country’s migration ministry over its deployment of artificial intelligence-powered security systems in refugee camps after the watchdog’s investigation found ‘serious shortcomings’ with the roll-out Continue Reading
Feature 05 Apr 2024

Seven ways to be sure you can restore from backup

Backups are no good if you can’t restore from them. We look at key elements of backup restoration, including backup audits, RPOs and RTOs, and how and when to test backups Continue Reading
News 04 Apr 2024

Changes needed for SOCs and CSIRTs, claims Dutch research institute

Cyber security specialists need a game-changer to keep up with their adversaries, who increasingly use automation and AI for their attacks Continue Reading
Opinion 03 Apr 2024

Security Think Tank: Banning ransomware payments is not so straightforward

In the wake of renewed calls for lawmakers to consider enacting legal bans on ransomware payments, the Computer Weekly Security Think Tank weighs in to share their thoughts on how to tackle the scourge for good. Continue Reading
Opinion 02 Apr 2024

Security Think Tank: How to tackle the scourge of ransomware?

In the wake of renewed calls for lawmakers to consider enacting legal bans on ransomware payments, the Computer Weekly Security Think Tank weighs in to share their thoughts on how to tackle the scourge for good. Continue Reading
Opinion 01 Apr 2024

Security Think Tank: Ransomware lessons from the armed forces

In the wake of renewed calls for lawmakers to consider enacting legal bans on ransomware payments, the Computer Weekly Security Think Tank weighs in to share their thoughts on how to tackle the scourge for good. Continue Reading
News 29 Mar 2024

Organisations getting better at spotting identity fraud

As the barriers to committing identity fraud continue to drop, organisations should consider more sophisticated technical measures to successfully up their game, according to a report Continue Reading
News 28 Mar 2024

UK plc going backwards on cyber maturity, Cisco report claims

Fewer UK organisations believe their cyber security postures have reached a mature level than did so 12 months ago, as they struggle to keep up with new challenges and a fast-evolving threat landscape Continue Reading
News 28 Mar 2024

Sellafield to be prosecuted over alleged cyber compliance failure

Sellafield Ltd, the organisation responsible for cleaning up and decommissioning the UK's largest nuclear waste site, is to be prosecuted over alleged cyber security failings dating back to 2019 Continue Reading
News 28 Mar 2024

Counter-eavesdropping agency unlawfully used surveillance powers to identify journalist’s source

More than 750 journalists had their communications data accessed by law enforcement and government agencies between 2018 and 2022 Continue Reading
News 27 Mar 2024

Ransomware gang leaks data stolen from Scottish NHS board

Data stolen from an earlier attack on NHS Dumfries and Galloway has been leaked by a ransomware gang that claims to be in possession of much more content Continue Reading
News 25 Mar 2024

Which? calls for government action on fake banking sites

Amid high volumes of spoofed, fraudulent banking websites, Which? is calling for the government to implement new legal obligations for domain registrars Continue Reading
Tip 22 Mar 2024

Data protection impact assessment template and tips

Conducting a data protection impact assessment is key to evaluating potential risk factors that could pose a serious threat to individuals and their personal information. Continue Reading
News 22 Mar 2024

Court finds EncroChat hacked messages admissible as former footballer is jailed

A judge in ‘lead’ EncroChat case found that messages obtained by police from the encrypted phone network can be lawfully used in evidence Continue Reading
News 21 Mar 2024

US sues Apple, alleging smartphone monopoly

A major legal action against Apple over its dominance of the smartphone market has kicked off in the US, alleging anticompetitive practices on Apple’s part that have damaged the sector and restricted consumer choice Continue Reading
News 21 Mar 2024

NCSC guidance to help CEOs work through cyber incidents

The NCSC has published in-depth guidance on how business leaders should respond to a cyber attack or data breach. Learn about some of the key steps you will need to follow Continue Reading
News 20 Mar 2024

UK’s cyber resilience stagnates as more fall victim to attacks

The government is calling on businesses to ramp up their cyber protections as study shows improvements to resilience are stagnating amid an ever-growing volume of attacks Continue Reading
Opinion 19 Mar 2024

Board-level buy-in: preparing cyber defences the right way

The cyber security function isn’t a back office team that is never seen and never heard. To truly protect the company, cyber security touches every corner of the business, and it starts from the top Continue Reading
News 19 Mar 2024

Australia’s cyber security spending to grow 11.5% this year

Highly publicised cyber attacks and growing regulatory obligations are keeping security and risk top of mind for Australian organisations this year, says Gartner Continue Reading
News 18 Mar 2024

The Security Interviews: Alex Yampolskiy, SecurityScorecard

Alex Yampolskiy conceived the idea for risk management specialist SecurityScorecard after getting stung by a SaaS supplier that was being cavalier with its customer data. He tells his story to Computer Weekly Continue Reading
News 18 Mar 2024

Cohesity: We won’t abandon NetBackup customers or force migration

CEO promises no forced migration to Cohesity and not to abandon any NetBackup product while building new leadership in artificial intelligence and security around Cohesity Gaia Continue Reading
News 17 Mar 2024

UK’s AI ambitions pointless while cyber security is still neglected

The UK’s AI ambitions may be at considerable risk without stronger cyber defences across the private and public sectors Continue Reading
News 15 Mar 2024

London Mayor’s Office reprimanded over data breach

The London Mayor’s Office has been reprimanded by the ICO after an internal error exposed the data of people who had made complaints against the Metropolitan Police Continue Reading
News 14 Mar 2024

Questions raised over NHS deletion of thousands of emails during whistleblower tribunal

NHS doctor Chris Day has won the right to challenge a tribunal ruling that found no procedural unfairness when an NHS trust deleted thousands of emails. The case that raises wider questions about the use of electronic evidence Continue Reading
News 13 Mar 2024

British Library opens up over ransomware attack to help others

The British Library has opted for full transparency after experiencing a devastating ransomware attack, publishing details of the intrusion, its response and the lessons it has learned Continue Reading
Opinion 12 Mar 2024

A new security partnership to build a silicon valley in South Wales

The £140m acquisition of Newport Wafer Fab by American firm Vishay is to be welcomed but the UK needs needs security, stability and strategic investment to grow our domestic semiconductor capability, writes Alun Cairns MP Continue Reading
News 11 Mar 2024

Government not facing up to CNI cyber risks, committee warns

The Joint Committee on the National Security Strategy has accused the government of burying its head in the sand over the cyber threat to UK critical infrastructure Continue Reading
Podcast 11 Mar 2024

Podcast: Immutable storage essential against ransomware, but...

...not all immutable storage is created equal. That’s the message from Paul Speciale of Scality, who looks at immutable storage, its variants and what’s needed to secure data Continue Reading
News 08 Mar 2024

OSS leaders detail commitments to bolster software security

CISA has announced a number of actions to help secure the global open source ecosystem, as leading package repositories including the Python and Rust foundations advance their own initiatives Continue Reading
Definition 08 Mar 2024

electronic protected health information (ePHI)

Electronic protected health information (ePHI) is protected health information that is produced, saved, transferred or received in an electronic form. Continue Reading
Opinion 08 Mar 2024

How to address third-party risk to ensure business resiliency

Identifying third-party risks, determining risk controls and treating third-parties as allies are some of the ways to address the risks associated with third-party transactions and business engagements Continue Reading
News 07 Mar 2024

PSNI chief denies ‘industrial’ use of surveillance powers against journalists

PSNI chief constable Jon Boutcher has agreed to provide a report on police surveillance of journalists and lawyers to Northern Ireland’s policing watchdog Continue Reading
News 07 Mar 2024

NI Policing Board pressed to open inquiry into PSNI spying on journalists’ phones

Amnesty International and the Committee on the Administration of Justice have asked Northern Ireland’s policing watchdog to open an inquiry into the Police Service of Northern Ireland’s use of surveillance powers against journalists Continue Reading
News 05 Mar 2024

Rapid7 hits out over botched vulnerability disclosure

Software development firm JetBrains and security specialist Rapid7 fall out over the handling of a critical vulnerability disclosure, while customers are left rushing to patch Continue Reading
News 05 Mar 2024

American Express customers exposed through third-party breach

US card giant warns customers that their personal details may have been exposed after a third party experienced a systems breach Continue Reading
News 05 Mar 2024

Banning ransomware payments back on the agenda

The idea of banning ransomware payments to cyber criminals is back on the agenda, with former NCSC chief Ciaran Martin arguing that tougher measures need to be taken Continue Reading
Opinion 05 Mar 2024

How Southeast Asia’s largest bank is riding the AI wave

DBS has scaled its AI capabilities across all parts of its business to deliver tangible outcomes and productivity gains Continue Reading
News 04 Mar 2024

The Security Interviews: Cyber security is about managing risk effectively

Effective cyber security must lead to cyber resilience – that is, the ability to anticipate, protect against, withstand and recover from any adverse condition, disruption or compromise, as Kyndryl’s security practice leader explains Continue Reading