IT Governance Weekly Round-Up
It’s been another week of scandalous cyber security stories hitting mainstream headlines, following a data breach at Uber and the announcement that footage from Grand Theft Auto VI was hacked. But beyond the buzzworthy news, there remain commonplace security concerns for organisations to address, which we discuss this week. That includes the growing influence of SOC 2, advice on how to detect a cyber attack and a report investigating a particular security threat that glasses-wearers should be careful of when on conference calls.
How to Detect a Cyber Attack
Organisations are being urged to respond to the threat of cyber crime by investing more in their defences, but if those solutions aren’t part of a cohesive strategy, the benefits will be minimal. It’s why many experts recommend taking a defence-in-depth approach to cyber security. Over the next few weeks, we’ll delve into each layer, explaining what it encompasses and how it fits into an organisation’s overall approach to cyber security. We begin this week with the first layer of defence in depth: threat detection.
SOC 2 Audits are a Crucial Weapon in Your Organisation’s Arsenal
Over the past year, the popularity of SOC 2 has surged. This has been led in part by several UK government departments deciding to use the framework as a requirement for vendors. A key component of SOC 2 is the audit process, which assesses the security, availability, processing integrity, confidentiality and privacy controls of an organisation. But what does the uptick in SOC 2 attestation mean for your organisation, and how will it affect the way we view information security – particularly in relation to ISO 27001, which is the most widely used framework in the UK and Europe?
IT Governance Podcast Episode 8: Twitter, Instagram, InterContinental and Cloud security
In our latest podcast, we discuss allegations of data security failures at Twitter, a €405 million fine for Instagram, a cyber attack on InterContinental Hotels Group, and why Cloud security is so important.
Reflections in your glasses can leak information while you're on a Zoom call
Bespectacled video conferencing participants have more to worry about than if their hair is uncombed or they have some spinach stuck between their teeth. According to newly-publicised research, they may also be unwittingly leaking sensitive information displayed on their computer screens. Boffins from the University of Michigan teamed up with their counterparts at the Zhejiang University in China to investigate whether the wearing of eyeglasses while using a computer was a security risk.
Uber says hacker group Lapsus$ behind cybersecurity incident
Uber has linked the cybersecurity incident it disclosed last week to hackers affiliated with the Lapsus$ gang, a group accused of numerous high-profile corporate data breaches. The company also said the attackers were able to download or access company Slack messages and invoice-related data from an internal tool.
What Data Protection Challenges Do Schools Face in 2022?
The education sector faces more challenges than most when it comes to protecting sensitive data. That’s in part because of a lack of resources in many schools, but it’s also due to the vast amounts of personal data that they must process. But what specific problems does the education sector currently face? In this blog, we look at five data protection challenges that must be addressed.
Grand Theft Auto VI footage leaked after hack, developer Rockstar confirms
More than 90 videos and images from the next edition of the Grand Theft Auto franchise have been leaked online by a hacker, the game's developers say. The leaked content was posted on Sunday after what is being described as one of gaming's biggest security breaches.
American Airlines discloses data breach after employee email compromise
American Airlines has notified customers of a recent data breach after attackers compromised an undisclosed number of employee email accounts and gained access to sensitive personal information. In notification letters sent on Friday, September 16th, the airline explained that it has no evidence that the exposed data was misused.
Free webinar: Protection: The second layer of your cyber defence-in-depth strategy
Protecting your organisation from the increasing threat of cyber attacks is challenging. Employees are a crucial line of defence, and ensuring they know their security responsibilities and how to spot a cyber attack is critical. Join IT Governance Founder and Executive Chairman Alan Calder for this webinar, as he discusses the emerging cyber security threats and the ways that organisations can protect themselves. The presentation takes place on Thursday, 29 September from 3pm.
Free PDF download: Data Flow Mapping Under the GDPR
To comply with the GDPR (General Data Protection Regulation), organisations must understand the types of personal data they process, as well as knowing where and how it is collected, accessed, shared and stored. Many organisations process much more data than they realise, which is why it is vital to perform a data flow mapping exercise. Download our free green paper to find out how you can create a GDPR-compliant data flow map.