

Web Page sponsored by IT Governance


IT Governance is a unique organisation.

We source, create and deliver products and services to meet the real-world, evolving IT governance needs of today’s organizations, directors, managers and practitioners. Our objective is to make this site the one-stop-shop for comprehensive corporate and IT governance information, advice, guidance, books, tools, training and consultancy.

We have been involved in designing, and successfully implementing, cost-effective BS 7799/ISO 27001 information security management systems since the standard was first promulgated. We write and publish extensively on IT governance subjects, including IT service management, project governance, regulation and compliance, and have evolved a range of leading-edge tools for IT governance, information security and regulatory compliance practitioners, available through the online shop on this site.

We approach IT governance, regulatory compliance and information security issues from a management perspective and are committed to engaging business leaders in developing and implementing information, ICT regulatory compliance and information security strategies that enable their businesses to compete effectively in the global information economy.

IT Governance Ltd
t: + 44 (0) 8450 701750
d: + 44 (0) 1353 771068
f: + 44 (0) 1353 662667

31 Mar 11. Another Brand Damaged by Supplier Data Breach! Following last week’s revelations about Play.com’s customer data being compromised – as a result of a supplier falling victim to a cyberattack – the UK-based Co-operative has admitted that a third-party vendor posted information online about 83,000 of its customers.
These latest data breaches highlight the importance that an organisation must place on its own information security and, if service providers are going to have access to data, then it is essential they are subject to at least the same level of security as the company procuring their services.
Cybercriminals widen their net
It’s early days, but it seems that cybercriminals are widening their net to include the suppliers and third-party vendors of larger brands, the type of suppliers that handle a lot of customer data and e-mail addresses. This shift in focus could be down to hackers in search of low-hanging fruit, or because cybercriminals know that genuine subscriber details are much more useful for creating third-generation phishing attacks designed to lure consumers to malware-infected sites.
Brands suffer at their suppliers’ expense
The Play.com data breach was the result of their e-mail service provider, ‘Silverpop’, being attacked and their security arrangements not being fit for purpose. Because it was Play.com’s customer data that was compromised, Play.com has received more negative press than Silverpop, and the brand’s reputation will suffer as a result. In the case of the UK-based Co-operative, the third-party vendor responsible for causing the data breach hasn’t even been named!
Avoid reputation and brand damage caused by third-party suppliers
Comply with the Data Protection Act
A security breach, such as that experienced by Play.com and the Co-operative, may, in some organisations, also reflect an underlying failure to comply with the DPA.
For cost-effective do-it-yourself DPA compliance, you should buy the Complete Data Protection Toolkit. If you are quick, and purchase today (31 March 2011), we’ll send you our essential best-practice report Data breaches: Trends, costs and best practices absolutely free!
Accredited Certification to ISO 27001 gives an organisation internationally recognised and accepted proof that its system for managing information security – its ISMS or cybersecurity readiness – is of an acceptable, independently audited and verified standard.

31 Mar 11. Despite pressure on defence spending worldwide, military
communications look set to remain central to defence procurement and in
