Archive | Information Assurance

Bah-Humbug

22 Dec

Having been on a customer site all day, I returned home to scan my email.

Over half the emails were festive greetings, with all sorts of creative content: embedded images, attached animated images, links to sites with festive messages and attached files with seasonal offers.

What could possibly go wrong?

CEOs: How to avoid a cyber pay-cut

6 Jul

The Culture, Media and Sport Committee, appointed by the House of Commons, has produced a report on “Cyber Security: Protection of Personal Data Online”.

Recommendation 3 states: “To ensure this issue [cyber security] receives sufficient CEO attention before a crisis strikes, a portion of CEO compensation should be linked to effective cyber security”.


What can you learn from a Padlock?

22 Jun

In the address bar of THIS blog, you should see a little padlock…

Is that Web Site Secure?

7 Jun

To see if a web site is secure, we have been trained to look for the padlock in the browser. Sadly, not all padlocks are the same.

Why is my Password Too Long?

26 Jan

Dear Virgin Media

I recently decided it was time to change my password on my NTLWorld email account (managed by Virgin Media). I entered a new password only to be told “Password too long”. How long was my password? 11 characters. 10 characters are OK apparently.

Cyber Matters Top 10 posts from 2015

22 Dec

As 2016 approaches, I thought it would be nice to look back on 2015 and share with you the Top 10 most viewed blog posts here on Cyber Matters. Let the countdown begin …

How do you evaluate an Information Exchange Gateway solution?

8 Sep

How do you evaluate an Information Exchange Gateway solution? I’ve blogged previously on Cyber Matters about how Information Exchange Gateways (IEGs) need to be built in a flexible manner to meet a variety of customer requirements. The other big question from potential customers is how do they know that they can trust a solution?

DNS Tunnelling

25 Aug

A recent project at Nexor required us to look at the challenges of providing access to the DNS from a secure environment. It reminded me of the issues related to DNS tunnelling.

Can you trust your handset?

16 Jun

For many years the Jericho Forum has been talking about de-perimeterisation. The basic premise is that, as more services become cloud oriented and are accessed with BYOD technology, large elements of the corporate data set are now stored outside of the corporate perimeter.

In looking at the security of such a system, a fundamental question arises. Can you trust the end user devices themselves?

The article “In 2015, security will start with the handset” looks at some of the progress needed in making the handset trustworthy. But this seems a very different position from that of most organisations looking at BYOD, where the basic premise is (or should be) that BYOD devices cannot be trusted, so you need to control the information flow to them.

I’d argue, today, there is not a right answer – you need to assess the risks in the specific context of a specific situation.

A managed end-user device in a controlled environment, where all the updates have been applied, an anti-malware solution operates and data is encrypted at rest, could offer a perfectly suitable solution for accessing corporate data from a set of known applications.

On the other hand, a 3-year-old Android device that has never been patched and has been used to browse the Internet may not be a great choice for viewing secret data.

It all depends on understanding the risk. Understanding the risk requires understanding the specifics of the user handset. The document set “End User Devices Security and Configuration Guidance” is a really good starting point.

Can we help you with understanding the security risks of your device? An example of how we helped a customer with booting their device securely can be found in the blog post “Booting Linux Securely”.

What Google IoT OS means for your privacy?

1 Jun

Here at CyberMatters we don’t reblog very often.
However, here is a good and concise article on some of the privacy challenges the IoT brings, over and above traditional security issues. While this focuses on Google, the challenge is more general.

The new EU data protection proposals will make designing compliant IoT solutions like this a real challenge.

If you are looking at deploying corporate IoT applications, you’ll have to consider privacy issues as well as security. Fortunately help is at hand via our sponsor – Qonex.

IoTLAW

The launch of Google’s operating system for Internet of Things (IoT) devices will have a massive impact on our privacy, generating big data out of personal data.
