“Going forward, it will be important for the new regulator to work with businesses, consumer groups and other organizations such as professional bodies, to ensure that companies include trustworthy and maintainable cybersecurity safeguards in their products.
“The trick will be to strike the right balance between allowing companies as much freedom and independence as possible to innovate, while also making sure that they innovate responsibly.”
Regarding passwords, Adam Leon Smith, Head of Software Testing Specialists Group at BCS, said: “I like unique password requirements. However, it doesn’t seem appropriate to have specific requirements about actual passwords in the legislation. Sure, ‘password’ and ‘admin’ are bad. But there are gray areas – it seems that infosec specialists regularly discuss whether it is better for users to use special characters and numbers in passwords.
“One reason for this is that people tend to do the same thing repeatedly, for example adding ‘00!’ at the end of all their passwords, which leads to a vulnerability.
“Some think it’s better to have passwords of a minimum length, while others think the only secure password is one you can’t remember!
“So it’s important that the new law doesn’t specify too much about this, and indicate technical standards that could evolve as the industry thinks.”