Directive (EU) 2016/680 (the Data Protection Law Enforcement Directive – LED) entered into force on 6 May 2016 and Member States had until 6 May 2018 to transpose it into national law. It repealed and replaced Council Framework Decision 2008/977/JHA but is a
much more comprehensive and general data protection instrument. Importantly, it applies to both the domestic and the cross-border processing of personal data by competent authorities for the purposes of preventing, investigating, detecting or prosecuting criminal offences and executing criminal penalties, including safeguarding against and preventing threats to public security (Article 1(1)).

(more…)

Why are we issuing this Consultation Paper?
This Consultation Paper (CP) seeks public comment on our proposals for regulating Security Tokens. These proposals are designed to provide a regulatory regime for activities relating to Investments that:

a)are a digital representation of rights and obligations, created, stored and capable of being transferred electronically – using distributed ledger technology (DLT) or similar technology; and (more…)

It didn’t take long for cyber criminals to say ‘Happy New Year’ to 2019 as the first data breach announcement came on January 2 by Blur, a password management company, that had an unsecured server exposing a file containing 2.4 million user names, email addresses and other information.

While 2018 hit record-setting numbers as to the number of data breaches and consumer records exposed, 2019 was on pace as of mid-year to be the worst year ever, according to a report by Risk Based Security

(more…)

Industrial Control Systems (ICS) are important to supporting US critical infrastructure and maintaining national security. ICS owners and operators face threats from a variety of adversaries whose intentions include gathering intelligence and disrupting National Critical Functions.
As ICS owners and operators adopt new technologies to improve operational efficiencies, they should be aware of the additional cybersecurity risk of connecting operational technology (OT) to enterprise information technology (IT) systems and Internet of Things (IoT) devices.

(more…)

The scope of this Guide could be very large and unwieldy, so it has been refined to focus on key areas, thereby excluding some important cyber security topics (but certainly not all), such as:

• Cyber security incident response, which is covered in a separate CREST guide • In-depth analysis of fields in event logs, as these are well covered in the CPNI/Context report entitled Effective Cyber Security Log Management
• Deep technical analytical tools and techniques, typically used by commercial cyber security monitoring and logging experts
• Cyber security insurance.

(more…)