IBM announces what it claims is first "intelligent security portfolio" for protection of data the cloud in the industry-- the IBM Dynamic Cloud Security Portfolio.

It features tools handling security across enterprise, private and public clouds, and mobile devices, with advanced analytics providing a "single-pane-of-glass" view ranging from the entire enterprise to individual mobile devices. Also included is the IBM Managed Security Services platform, which secures clouds from both IBM and other vendors, including Amazon Web Services and Salesforce.com.

As IBM puts it, the portfolio covers access authentication, data control, visibility improvement and cloud security operations optimisation, and is deployable either on-premise or in the cloud.

ENISA tests the readiness the counter cyber-attacks of 200 organisations and 400 security professionals from 29 European countries in a day-long bi-annual exercise dubbed Cyber Europe 2014.

Described by the agency as the largest and most complex cyber-security exercise held in Europe, Cyber Europe 2014 brings together experts from both public and private sectors, including security agencies, national Computer Emergency Response Teams, ministries, telecoms, energy companies, financial institutions and ISPs. The scenario covers over 2000 incidents, such as DDoS attacks on online services, intelligence and media reports on attack operations, webs defacements, ex-filtration of sensitive information and attacks on critical infrastructure.

Being a distributed exercise, it involves several exercise centres across Europe coordinated by a central exercise centre. It also tests the EU-Standard Operational Procedures, a set of guidelines on the sharing of operational information on cyber crises.

Google researchers discover a legacy SSL 3.0 protocol vulnerability, one potentially exposing users of newer Transport Layer Security (TLS) encryption protocols to risk-- Padding Oracle On Downgraded Legacy Encryption, aka POODLE.

Unlike its namesake, POODLE is not too cuddly. Instead, it allows man-in-the-middle attackers to access and read encrypted communications via padding oracle side-channel attack.

SSL 3.0 made its debut back in 1996, but remains a widely used cryptography protocol. Nearly all browsers support it, and use it as a fallback in case of HTTPS server bugs. Thus, network attackers can cause connection failures and trigger SSL 3.0 use in order to exploit the vulnerability.

Ahead of upcoming EU data protection regulation reform, 84% of respondents of a Sophos survey agree Europe needs stronger data protection laws, but 77% do not believe their organisations comply with current regulation.

Conducted by Vanson Bourne, the research shows only 23% of participants believe their organisations comply with current regulation. Meanwhile 50% confess to either not knowing either not knowing what encryption is (7%) or whether their organisation has it (20%). Only 23% can confirm their organisations encrypts both employee and customer data.

When it comes to mobile device security 98% agree their data is more important than actual devices-- but 25% admit to storing corporate information on personal mobile phones and laptops, while 19% have lost a personal device at one point. At least 64% of respondents' organisations use password-protected mobile devices, but only 31% are aware of encryption functionality.