Categories
Articles

Using technology to enhance incident response

At last week’s TF-CSIRT meeting, Gavin Reid from Cisco suggested that we may have been over-optimistic about how much technology can do to detect and prevent incidents. Automated incident prevention systems can be effective at detecting and preventing automated attacks but are less effective against targeted attacks that use human intelligence rather than brute force. […]

Reporting Information Security Breaches

An interesting, though depressing, figure from Verizon’s 2012 Data Breach Investigations Report is that 92% of information security breaches were discovered and reported by a third party. Not by the organisation that suffered the breach, nor by its customers who are likely to be the victims of any loss of personal data, but by someone […]

Misconfiguration may be harmful

Darknets are well known as a place to look for Internet threats, but a presentation by RESTENA and CIRCL at this week’s TF-CSIRT meeting suggested they may also show up other kinds of problems. Darknets are parts of the IP address space that are routed but not used, so there should be no legitimate packets […]

ENISA Guide to Risk Mitigation for BYOD

ENISA have published a useful set of controls and best practices for managing the risks in a Bring Your Own Device (BYOD) program. They identify three groups of controls: Governance; Legal, Regulatory and HR; and Technical (Device, Application, User and Data). Throughout, the focus is on the owners, not the devices, which seems right. If the […]

ICC Cookie Guide updates

The International Chamber of Commerce has published a revised version of its Cookie Guide, reflecting the new information that has been produced by the Information Commissioner and Article 29 Working Party since the original version last April. There are relatively few changes to the existing text, in particular the four ICC categories of cookie remain […]

Art.29WP on Cookies – specific and pragmatic advice

The e-Privacy Directive’s provisions on cookies exempt two classes of cookies from the requirement to gain consent (though if they relate to individual users, websites still need to inform users about them, under data protection law): CRITERION A: the cookie is used “for the sole purpose of carrying out the transmission of a communication over […]

New Guidelines on Social Media Prosecutions

Following criticism of a number of recent arrests and prosecutions relating to postings on social media sites, the Director of Public Prosecutions has published new draft guidelines. These confirm that postings that break criminal laws on threats, harassment and breaching court orders should generally be “prosecuted robustly” under the specific legislation for those crimes. When […]

Human Rights Committee report on Defamation Bill

The Joint Committee on Human Rights has published its conclusions on the Defamation Bill. Among other changes the Bill intends to clarify the position of websites that accept posts from third parties and make it less likely that lawful posts will be removed because of fear of liability. The Committee are “glad to see steps […]

Communications Data Bill Committee report

The Joint Committee on the Draft Communications Bill has published its report, concluding that while there is “a case for legislation which will provide the law enforcement agencies with some further access to communications data” the current proposal needs “substantial re-writing”. The Committee address three of the four concerns raised in our Janet evidence. They […]

Law Commission on Contempt of Court and the Internet

The Law Commission have published an interesting consultation paper on how the law of contempt of court is affected by the internet. Anything that “tends to interfere with the course of justice” may be considered contempt: the Contempt of Court Act 1981 deals in particular with communications addressed to the public at large or a […]