Data Privacy, Compliance & Risk Monthly Round-Up
ISMS.online
Protect and grow your business with the leading ISO 27001 and compliance solution. ISO27001, ISO27701, GDPR, SOC2 + more
July has been busy with governance, risk, and compliance news, so this month's newsletter is bursting with the latest essential headlines, helpful content, reports and insights to keep you up to date.
Read on to learn more about these stories, access handy resources, and more.
Latest Blogs
After the catastrophic large-scale ransomware attack that exposed 6.5 terabytes of sensitive information, Australian electronic prescription provider MediSecure has gone into liquidation. Rene Millman analyses the attack and vital actions businesses can take from the incident to protect themselves.
From a catastrophic ransomware breach at an NHS England supplier to an insidious plot to implant malware into a popular open-source utility, Phil Muncaster has rounded up his top five stories of 2024 so far and how your organisation can steel itself for the six months to come.
Risk assessment is an ongoing process in ISO 27001, requiring organisations to assess and treat risks throughout their lifecycle. Christie Rae looks at developing an effective risk management process in your organisation.
Danny Bradbury examines the United States International Cyberspace & Digital Policy Strategy (ICDPS), which is nothing if not ambitious. It promises action in cyber-defence treaties, a crackdown on spyware, curbing cybercrime, and hardening critical infrastructure.
MI5 recently briefed vice-chancellors from 24 leading universities on persistent state-backed efforts to obtain intellectual property and the threat from financially motivated cybercriminals. Phil Muncaster has examined the threats and what strategies might best boost cyber resilience.
The NIST National Vulnerability Database (NVD) is in crisis, and the repercussions could impact every cybersecurity team in the country. Rene Millman has taken a closer look at what NIST is doing to get back on track and what CISOs can do to plug the CVE gap in the meantime.
Latest News
Massive 9.4GB Twitter Data Leaked Online – 200 Million Records Exposed
Researchers at Cyber Press discovered a 9.4GB leak of Twitter user data containing nearly 200 million user records. This leak, sourced from a Twitter database or scrape, represents one of the most significant exposures of user data in recent times. > read more
AT&T pays $370,000 ransom after massive data breach
AT&T paid a member of the ShinyHunters hacking group $370,000 to delete the data of millions of customers following a massive data breach last week. > read more
OpenAI failed to report a major data breach in 2023
According to a New York Times report, a hacker infiltrated OpenAI's internal messaging system, accessing employee discussions regarding the company's latest AI advancements. > read more
The state of web scraping in the EU
Web scraping poses different legal challenges, such as data protection, copyright and contractual law-related issues. Intellectual property concerns arise as website content, like text, images and data, is often copyrighted, and scraping without the copyright owner's permission may lead to infringement claims. > read more
European Commission Finds X Misleads Users In Breach Of DSA
The European Commission has warned X that it's reached the preliminary view that the company is in breach of the Digital Services Act. > read more
Microsoft Issues Update Warning For All Outlook Users As 'Dangerous' New Threat Confirmed
A new report strongly suggests that 500 million Outlook users may be running that same risk from "a significant… zero-click remote code execution (RCE) vulnerability that impacts most Microsoft Outlook applications." > read more
Starmer plans to introduce AI bill in King's Speech
Sir Keir Starmer is expected to introduce a long-awaited artificial intelligence bill this week as he seeks to follow Labour's manifesto pledge to create binding rules to govern the development of the most advanced machine-learning models. > read more
Free Resources
WEBINAR: Transitioning to ISO 27001:2022: Key Changes and Effective Strategies
From 31 October 2025, ISO 27001:2013 certificates will be invalid, requiring organisations to transition to ISO 27001:2022. Join our webinar this week to learn about the critical changes between the 2013 and 2022 versions, get a clear roadmap to transition effectively, and understand the benefits of adopting the latest standard. > Secure Your Place
PCI-DSS v4 Has Taken Effect; Organisations Now Have 8 Months To Comply
Staying ahead in the cybersecurity game isn't just about meeting standards—it's about strategic innovation. Our latest guide does just that, mapping the PCI-DSS v4 standard with the updated ISO 27001:2022 framework to provide a roadmap for financial and e-commerce organisations to achieve concurrent compliance. > Download Here
Latest Release: ISO 42001 Compliance Made Easy with ISMS.online's Artificial Intelligence Management System
We're thrilled to introduce our new Artificial Intelligence Management System (AIMS) that simplifies ISO 42001 compliance and helps you establish responsible AI practices, mitigate risks, and save resources. > Find Out More
Your Compliance Success Story Starts Here
If you're looking to start your journey to better information security and data privacy management, we can help.
Our ISMS SaaS platform enables a simple, secure and sustainable approach to information management with ISO 27001, SOC 2, NIST and over 100 other frameworks. Unlock your competitive advantage today.
So much good stuff in here! I know a few people who will find the #PCIDSS mapping incredibly useful.