This ENISA study introduces good practices for IoT security, with a particular focus on software development guidelines for secure IoT products and services throughout their lifetime. Establishing secure development guidelines across the IoT ecosystem, is a fundamental building block for IoT security. By providing good practices on how to secure the IoT software development process, this study tackles one aspect for achieving security by design, a key recommendation that was highlighted in the ENISA Baseline Security Recommendations study which focused on the security of the IoT ecosystem from a horizontal point of view.

(more…)

The foundation of Germany’s cybersecurity architecture dates back to 1986. It was in this year that the organization preceding the “Bundesamt für Sicherheit in der Informationstechnik” (Federal Office for Information Security, BSI, official translation), known as the “Zentralstelle für das Chiffrierwesen” (Central Office for Encryption, ZfCh, own translation), set up a working party to deal with questions of security amid the rapid development of ICT technology.

(more…)

Businesses are undergoing a digital transformation demanding rapid migration to the cloud and expanded adoption of web, mobile, and social platforms. These initiatives, which expand organizations’ digital presence far across the internet, were already exposing the limitations of network security controls like firewalls, DLP, and network monitoring. According to the Verizon Data Breach report, external-facing web applications, into which network security tools lack visibility, comprised the vector category most commonly exploited in hacking-related breaches.

(more…)

The Financial Action Task Force (FATF) is an independent inter-governmental body that develops and promotes proliferation of weapons of mass destruction. The FATF Recommendations are recognised as the global anti-money laundering (AML) and counter-terrorist financing (CFT) standard.

(more…)

Directive (EU) 2016/680 (the Data Protection Law Enforcement Directive – LED) entered into force on 6 May 2016 and Member States had until 6 May 2018 to transpose it into national law. It repealed and replaced Council Framework Decision 2008/977/JHA but is a
much more comprehensive and general data protection instrument. Importantly, it applies to both the domestic and the cross-border processing of personal data by competent authorities for the purposes of preventing, investigating, detecting or prosecuting criminal offences and executing criminal penalties, including safeguarding against and preventing threats to public security (Article 1(1)).

(more…)