GREP-BLOG

Friday, 23 May 2014

ICO Report: Protecting personal data in online services

A useful report from the ICO on data breaches drawn from their experience:

"The Information Commissioner’s Office (ICO) has published a new security report highlighting eight of the most common IT security vulnerabilities that have resulted in organisations failing to keep people’s information secure."

 ICO Report

The ICO have highlighted the key eight areas that they have found result in data leakage:

  • Software updates 
  • SQL injection 
  • Unnecessary services 
  • Decommissioning of software or services 
  • Password storage 
  • Configuration of SSL and TLS 
  • Inappropriate locations for processing data 
  • Default credentials
Appendix B also contains some interesting information on how long it takes to crack varying length and complexity passwords.

An extract is: