Tag Archives: CESG

Top cyber crime threats to East Midlands businesses

20 Sep

I recently attended the East Midlands Cyber Crime Breakfast, where a panel of experts outlined what they saw as the principal cyber crime threats that were affecting organisations in the East Midlands.

Why is my Password Too Long?

26 Jan

Dear Virgin Media

I recently decided it was time to change my password on my NTLWorld email account (managed by Virgin Media). I entered a new password only to be told “Password too long”. How long was my password? 11 characters. 10 characters are OK apparently.

How do you evaluate an Information Exchange Gateway solution?

8 Sep

How do you evaluate an Information Exchange Gateway solution? I’ve blogged previously on Cyber Matters about how Information Exchange Gateways (IEGs) need to be built in a flexible manner to meet a variety of customer requirements. The other big question from potential customers is how do they know that they can trust a solution?

5 Observations on Moving the Cyber Industry Forward

19 Sep

I had the pleasure of attending the SINET Global Cybersecurity Innovation Summit earlier this week. A very thought-provoking event, with some great speakers.

Why do Staff Break Security Rules?

26 Jun

A recent report by Northumbria University for the Government Office for Science strongly echoes research we at Nexor conducted in 2009 with Prof. Monica Whitty of the University of Leicester.

UK Government Security Classification Scheme

1 Apr

After nearly two years of planning, the new UK Government Security Classification system comes into operation this month. This will probably be accompanied by some articles from the doomsday brigade forecasting chaos and uncertainty; there are undoubtedly rough edges, but it’s important not to lose sight of the bigger cultural change at play…


IACG: UK IA Community Map

18 Feb

As co-chair of the Information Assurance Collaboration Group (IACG), I have pleasure in announcing the latest update of the UK IA Community Map.

Booting Linux Securely

6 Feb

A report from Learning Tree, “Linux Scores Highest in UK Government Security Assessment”, has analysed the CESG set of reports on the security of end user devices, in which CESG assessed 11 operating systems. The Learning Tree report observed:

Of those, Linux got the best overall score

The report then looked at the criteria used to make this assessment, and suggested:

As for Secure Boot, that has its serious detractors


Simple Information Assurance Maturity Model

22 Oct

A few months back I was tasked by the Nexor Board to carry out a fresh review of the cyber threat to our business and the maturity of our risk mitigations. We’ve had ISO 27001 for many years across the business, and our audits all come up good, so I thought it should be easy. But how could I explain the results in a Board-friendly manner?


What is the difference between a Guard and a Gateway?

13 Aug

Guards and gateways are full application layer proxies that connect to two or more networks. They accept data passed on an inbound network interface, ‘process it’, and then pass data to the outbound network interface. The difference between the two is in the ‘process it’ step.