Latest Legislation News

Neglecting health and safety could mean jail sentences under new legislation
posted on 05/01/2009

The Health and Safety (Offences) Act 2008 is designed to give courts the power to sentence individuals who breach health and safety laws. The Act, one of the few Private Members’ Bills to pass into law, is designed to punish individual employees just as the 2007 Corporate Manslaughter and Corporate Homicide Act, introduced in April 2008, targets guilty companies. According to a recent publication by the Health and Safety Executive, predicted figures for reported injuries in the year 2007- 8 indicate that manufacturing is one of the most dangerous industries in the country, with 5,097 major injuries followed by construction and wholesale and retail with 3,764 and 3,429 respectively. Under the new Act a breach of health and safety rules will not have to result in a death, unlike under the Corporate Manslaughter and Corporate Homicide Act. Company directors and managers who turn a blind eye to workplace risk management could face sentences of up to two years under new legislation, war... [more]

A third of healthcare professionals are putting patient information at risk
posted on 20/11/2008

A transatlantic survey of more than a thousand healthcare professionals has shown that over a third are unwittingly putting personal information at risk by storing patient records, medical images, contact details, corporate data and other sensitive information on mobile devices such as laptops, BlackBerrys and USB sticks - and not adequately securing them. The use of portable devices in the healthcare sector has escalated due to their ease of use, speed, increased memory capacity and affordability. Alongside the great benefits that these devices bring come huge security and managerial problems for IT departments - especially when a fifth of the staff surveyed said they brought their own devices into work. Many of these could fall beneath the IT security radar. In the US, a third of healthcare professionals surveyed were downloading sensitive details onto their own personal devices – a basic breach of security practice if they were not complying with the security policy set up by their e... [more]

Innometriks Rhino biometric access control approved for deployment in pilot tests of the TWIC program
posted on 19/11/2008

The Transportation Worker Identification Credential (TWIC) program is mandated by the Maritime Transportation Security Act. It will require port personnel and additional transportation workers to use a tamper-resistant biometric credential to gain authorized access to secured outdoor areas. The TWIC pilot is currently scheduled to begin in early 2009 and will collect operating data from over 20 port facilities and maritime vessels. The Transportation Security Administration (TSA) has evaluated and passed the Innometriks Rhino™ for deployment in critical pilot tests of the TWIC program. The Rhino, a ruggedized smartcard-based access control device with integrated Lumidigm multispectral biometric technology, is now ready for deployment in the upcoming TWIC pilot sites in California, New York, Texas, and Maryland. The decision by the TSA adds the maritime industry's first fully NEMA 4 weatherproof rated reader using multispectral imaging technology to the TWIC Initial Capability Evaluation ... [more]

Tufin SecureTrack 4.4 provides support and interoperability with Fortinet UTM systems
posted on 19/11/2008

Tufin Technologies has announced that SecureTrack 4.4 provides support and interoperability with Fortinet's unified threat management (UTM) systems used by enterprises and MSSPs. In addition, SecureTrack 4.4 includes greatly enhanced rule and object change tracking reports. Through advanced filtering options, security administrators can tailor change reports to best meet their specific requirements. Key New Features in SecureTrack 4.4: • Support for Fortinet’s FortiGate UTM Systems - SecureTrack’s real-time change management, policy analysis and auditing capabilities can now be implemented throughout Fortinet environments in addition to the previously supported Check Point, Cisco and Juniper environments. • Enhanced change report filtering – change reports are fully customizable, with real-time notifications and detailed reports at the rule or object level. This allows enhanced monitoring of critical network infrastructure to prevent mis-configuration. “In light of the growing... [more]

dns Managed Security Information and Event Monitoring service to adhere to regulations and standards
posted on 01/10/2008

With regulations such as PCI, Memo 22, Sarbanes-Oxley and ISO27001 increasingly demanding effective security monitoring of organisations' IT infrastructures, security managers are finding that they simply do not have the time or resources to perform this to an acceptable level. The level of complexity involved and the sheer amount of time required to effectively react to security incidents, means that it is much better suited to a team of highly qualified experts monitoring for security events 24/7. dns has announced the availability of its new managed security information and event monitoring service (SIEM). With 24/7 monitoring of security events across the enterprise, incidents from a range of security devices and critical IT assets are systematically collected, correlated and analysed in real-time. The two forms of security monitoring, Security Event Management (SEM) and Security Information Management (SIM), combine to form SIEM, enabling organisations to react effectively to s... [more]

Other Security news and resources