See Your Company Through the Eyes of a Hacker

A rather interesting article. What I like is the description it provides of the attacker’s potential landscape in today’s global, verbose connected world. It does give some recommendations which I’ve summarised below: 1. Focus your efforts on those assets that could ‘ruin’ your company following a successful attack. This way the real attacks are not lost Continue Reading

Elephants and Information Security

I’ve been thinking more about the Sony Pictures story…. it has been mentioned that it could be an insider job… what this means is that all information needs to be protected, not just within the organisation, but between each individual, identity. Every business process in an organisation should be protected cryptographically, there should be a thread Continue Reading

Shaken but not stirred – Sony Pictures

It’s been a chilling experience for Sony Pictures, and a little surreal for those observing. It could be one of their movies…. Bruce Schneier has some thoughts. The hacking incident has shocked many, although any of us in information security may not be particularly surprised. After many years in information security I am continually disappointed by Continue Reading

Nordic Security Summit 2014

There is a great conference coming up in Stockholm on 5th November. Apart from the fact I am speaking there, I will be in the company of a great speaker lineup. Last year was very good! If you want to go, you can register here (http://www.nordicitsecurity.com). Look forward to seeing you there. I will probably Continue Reading

I’ve been digging around in my archives and found something that has sort of been lost. There is the traditional security triad of Confidentiality, Integrity, Availability (CIA). Which has also been revised to the following, at least 8 years ago. I found this on Bruce Schneier’s blog anyhow. Authentication (who are you) Authorization (what are Continue Reading