Li-Fi has been widely talked about, largely due to its capability to deliver high-data-rate wireless connectivity.
Li-Fi has some very interesting security characteristics too.
Having been on a customer site all day, I returned home to scan my email.
Over half the emails were festive greetings, with all sorts of creative content: embedded images, attached animated images, links to sites with festive messages and attached files with seasonal offers.
What could possibly go wrong?
As we approach the Christmas holiday period, I thought I’d share a cautionary tale on setting up your Out-of-Office auto-response. For quite a while now I have been building a relationship with a prospective customer. While I have had discussions with a person there – let’s call him Bob – Bob has worked hard to keep his privacy.
So, Tesco was hacked. Although there is no official word yet on how this happened, the chatter among people far smarter than me suggests the issue is related to passwords and the Tesco Club card.
CyberMatters is a blog about security. This article is NOT about security, although a related security point is documented in the blog Smart Home Project – Network Segregation.
Over the last few weekends I’ve rebuilt my smart home solution. It reminded me of how hard it is to build something that is secure.
At the recent East Midlands Cyber Security Forum (EMCSF), I was fortunate enough to have the opportunity to chair a panel session on the topic of ransomware.
Cyber Essentials as a standard is now starting to mature, with almost 3,000 certifications now reported.
Cyber Essentials is largely one-size-fits-all. You are either compliant, or you are not (with a small bit of “comply or explain” wriggle room). This is good for the purpose it was intended for, and serves as a baseline for all businesses.
Cyber Essentials is now mandated for UK Government procurement, but when assessed for use in the Ministry of Defence’s supply chain it was considered that the essentials were not enough.
The challenge, however, is that different elements of the supply chain need greater or lesser security. The solution being trialled is called the Defence Cyber Protection Partnership (DCPP) Cyber Security Model (CSM).
The model describes 4 risk levels, from Very Low up to High (plus a Not Applicable). For each of these a set of mandatory security controls is defined. Even at the Very Low end, Cyber Essentials is required. The higher the risk, the tighter the expected level of control.
Referring to my blog “The importance of having an Asset List”, it’s interesting to note that only at the Medium risk grade is an asset list mandatory – in that blog I argue that you will find the lower levels hard to achieve without one.
At the highest end of the CSM, there are controls such as “Proactively verify that the security controls are providing the intended level of security”; i.e., implementing security is not enough – you need to be able to demonstrate your controls are working.
The CSM approach is very much a ladder: you move up rung by rung from Cyber Essentials.
For something more bespoke and comprehensive there is the ISO 27001 based approach, in which you:
Effectively, this is an à-la-carte approach to customising a solution, all wrapped in a security management system.
Within your business, you need to take control and determine the appropriate level of security, but please don’t be paralysed by indecision – at the very least start a Cyber Essentials programme.