Company bosses: barrier to security in essential services December 2011 | Derek Parkinson | Leave a comment Company bosses are among the major barriers to improving the security of the Industrial Control Systems (ICS) that our essential services depend on, according to an in-depth study by ENISA. “Many experts agreed that one of the main difficulties in … Continue reading → Tweet
ENISA urges overhaul of HTTPS December 2011 | Derek Parkinson | Leave a comment ENISA has added its voice to those calling for a rethink of how we implement HTTPS. The EU agency agrees with observers who see general problems in the system, in addition to failings by Certificate Authorities (CAs) such as DigiNotar, … Continue reading → Tweet
ENISA: crypto and clouds won’t save us from “life-logging” dangers November 2011 | Derek Parkinson | Leave a comment Excessive reliance on data encryption and cloud services will increase the risk of security breaches as rapidly growing quantities of our personal data are stored online in the next few years, ENISA has warned. The EU agency assembled a panel … Continue reading → Tweet
EU-US cyber defences undergo tests November 2011 | Derek Parkinson | Leave a comment The security of SCADA systems used to control energy infrastructure came under scrutiny this week in Cyber Atlantic 2011, a joint EU-US table-top exercise designed to identify weaknesses in the critical services of the participants. Scenarios involving SCADA systems made … Continue reading → Tweet
ENISA offers five points towards smartphone app security September 2011 | Derek Parkinson | Leave a comment Protecting smartphone users against rogue apps will become the central battleground in the fight against cyber crime, says a new discussion paper from ENISA. It aims to explore five types of defence that together will minimise risks to the end … Continue reading → Tweet
Security flaws in new web standards probed by ENISA August 2011 | Derek Parkinson | Leave a comment EU security agency ENISA has moved into the web standards debate with a detailed analysis of proposed standards for next generation technologies, arguing that there is a window of opportunity to improve security before the new standards proceed further in … Continue reading → Tweet
ENISA reveals old fault lines in EU resilience to new threats April 2011 | Redaction | Leave a comment EU member states would struggle to contain a pan-European cyber incident because procedures are lacking, people aren’t certain who their opposite numbers are, or would have difficulty reaching them quickly enough, an ENISA exercise has revealed. “The exercise has shown … Continue reading → Tweet
The big picture – security in conflict with resilience April 2011 | Redaction | Leave a comment Security concerns create a major barrier to improving the resilience of the internet as a whole, according to research from Enisa . Actions by governments, telcos and carriers to maintain secrecy about the locations and operation of the physical infrastructure … Continue reading → Tweet
Info sharing paper mandates SecurityVibes October 2010 | Redaction | Leave a comment European agency ENISA has announced a series of key recommendations for information sharing in Critical Information Infrastructure Protection (CIIP). The heart of the recommendations is that the importance of information sharing via trusted, targeted communities is of vital importance to … Continue reading → Tweet
Security Awareness Initiatives: Top Lessons Learned From CISOs Part Two July 2009 | Redaction | Leave a comment In Part One of Lessons Learned, we looked at major lessons learned from CISOs at the ENISA (European Network and Information Security Agency) event in June. As we’ve seen so far, after decades of technology spend, the weakest link is … Continue reading → Tweet
