Tag Archives: Security Culture

How can firms protect themselves from ransomware?

5 Oct

In a previous blog post I wrote about the rise of ransomware over the last year. In this post I will briefly outline what steps organisations should take to avoid becoming the next victim of ransomware. Continue reading

The importance of having an Asset List

6 Sep

In July I attended and presented at the East Midlands Cyber Security Conference and Expo, at the National Space Centre in Leicester.

Asset List blog2In their presentations, Derbyshire’s Assistant Chief Constable –  Martyn Bates, Del Heppenstall – Director, KPMG, and Christian Toon – Cyber Security Specialist, PricewaterhouseCoopers LLP all mentioned in one way or the other the importance of maintaining an asset list.

In my presentation on Implementing Cyber Essentials, I also observed that while not a specific requirement of Cyber Essentials, in practice you will find it hard to manage a certified environment unless you have a good view of the complete list of assets.

If we take a look at the ISO 27001 standard for information security management systems, Section A 8.1.1 declares “Assets associated with information and information processing facilities shall be identified and an inventory of these assets shall be drawn up and maintained”.

So the evidence seems conclusive, if you care about security in your business, you really must make an asset list. Without one, how can you be sure the asset is suitably protected?

What is ransomware?

17 Aug

Computer hacking has evolved considerably over the past 20 years. What was once a “hobby” to demonstrate technical prowess, by breaking into systems and putting graffiti on web sites, then evolved into stealing as a way of gaining criminal financial reward. Continue reading

Q: When will the IoT be secure? A: Never.

16 Feb

That may seem a bit bizarre coming from someone working for a company that specialises in making the IoT secure. Let me justify the comment. Continue reading

Could PAS 754 have helped Juniper?

13 Jan

In an important Juniper security announcement last month it was revealed that:

“During a recent internal code review, Juniper discovered unauthorized code in ScreenOS that could allow a knowledgeable attacker to gain administrative access to NetScreen® devices and to decrypt VPN connections.” Continue reading

Cyber Threat Glossary – By Example

4 Nov

As more and more people talk about security, I hear the terms threat, vulnerability, mitigation and risk used. Often in what I believe is the wrong context.

There are lots of attempts to define the terms, write taxonomies etc. There is little point in duplicating this, however, here is how I think about the terms…

Continue reading

Are we Incentivising Staff to Break Security Rules?

22 Jul

In the article Security Zone: understanding why staff break the rules,
Andrew Kays describes some research undertaken by Nexor with cyberpsychology researchers at Nottingham Trent University to look at the underlying causes of sensitive data loss. The research looked specifically at the factors that influence human behaviour and people’s attitudes towards security, in particular their responses to rules defined in published security policies.

Continue reading

Book Review: Cyber Security Culture

2 Jul

Subtitle: Countering Cyber Threat through Organizational Learning and Training
Author: Peter Trim and David Upton

Continue reading