The news of two information security breaches resulting in considerable fines are all over today’s headlines. Until now the threat of fines of up to £500,000 have been nothing but hearsay but the precedent has now been set. Both public and private organisations need to take stock and control of their responsibilities relating to the [...]

PCI DSS version 2.0 has finally been published (to take over from version 1.2.1 completely by January 2012). Version 1.2.1 will not be fully retired until this point so there exists a suitably generous conversion period especially given the lack of significant change within the new version. Changes in the most part are based on [...]

Good ‘green’ practices and robust information security are doctrines that most consider to be polar opposites in social philosophies. Talk of ‘green practices’ and ‘carbon neutrality’ conjures up images of reduced product quality and ill-conceived environmental controls in order to utilise green resources or save on non-re-usable materials. This is not an image you want [...]

What can retailers, merchants and others who handle credit card data expect from the PCI SSC when they release PCI DSS 2.0 next month? There are a great many criticisms levelled at the current PCI DSS, such as the fact that it is out of date as soon as it is published and in other [...]

To obtain PCI DCC compliance as quickly as possible, it is important to first guarantee support from senior management – ideally the CEO or MD.  Ensure that you have been assigned adequate and dedicated resources (in the form of personnel, tools and finance).  Without this interest, investment and commitment compliance is destined to fail – [...]

Hot on the heels of our recent post about SSL certificates, I have read with interest another security story about the dangers of phishing. In case you have not come across it before, phishing is defined as “the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details [...]

  At UKFast we are often asked about our business continuity plans. However, on many occasions this has to be pointed straight back at the questioner. We start by identifying every critical inward and outward facing business process and list it in order of criticality.  All the information assets involved in each process are identified [...]

It is often important to be sure that the site you are visiting is secure. SSL certificates can guarentee the security of your personal data. When visiting a site, it is important to look for certain signs to ensure that a site is safe before entering credit card details or private personal information. A small [...]

As discussed in a previous blog post, Ofcom’s latest research has confirmed what we all expected – broadband users are not getting the broadband services they are being sold in the first place. In certain circumstances, 97 per cent of customers are not getting their advertised speed. In addition, there is a growing gap between [...]

This series of blogs has focused on introducing and explaining the ISO27001 accreditation in more detail. In this final post of the series we shall explain how an organisation can attempt to be as compliant as possible with the ISO27001 standard, even without receiving this accreditation. Without pursuing ISO27001 accreditation myself, how may I ensure [...]