Another Brick from the Wall - Leadership thoughts

RSSSubscribe to this blog
About Author

The Jericho Forum is an international group of organisations working together to define and promote the solutions surrounding the issue of de-perimeterisation. Members include top IT security officers from multi-national Fortune 500s & entrepreneurial user companies, major security vendors, government, & academics. Working together, members drive approaches and standards for a secure, collaborative online business world.

Contact Author

Email Jericho


Recent Posts

The world after user names and passwords

The Jericho Forum's concept of "entitlement"

When the Jericho forum launched its Identity Commandments earlier this year, one of the key concepts discussed was entitlement. Currently for most organisations, access to information is done through a simple user name and password. Once entered, the user has...

Tags: firewall, web security

I am not a number

The flaw of identity is the idea that we only need one

Last week I wrote an introduction to the The Jericho Forum Identity Commandments. The last sentence talked about ‘core identity’ and privacy and we will explore these a little more. There is a lot of confusion around identity and what...

Tags: authentication, identity, jericho forum, security

The future of online identity lies with the cloud

What do the new Jericho Forum commandments mean?

The new Jericho Forum identity commandments have been revealed this week - but what do they mean in practice? This is the start of a number of articles designed to explain them from a more practical standpoint. The Jericho Forum...

Tags: cloud security, jericho forum, security

There goes another 25 million Sony customer records

Once is bad enough. Twice suggests a deeper problem

Following on from last week’s Sony PlayStation Network revelations, the company has now admitted losing the details of another 25 million users, this time from the Sony Online Entertainment (SOE) network. While the data here is said to be outdated...

Tags: data breach, data loss, security

Does the ICO have false teeth?

The Information Commissioner's Office is not being tough enough

It was with great fanfare that it was announced last year that the Information Commissioner’s Office (ICO) could impose fines of up to £500,000 ($830,000) for data breach events. One year on, how has it gone? Not so good. Fewer...

Tags: data breach, data loss, fines, ico

Data breach hacking comes back from the dead

The Sony PSN hack goes against the grain of falling data losses

The latest Verizon data breach investigations report showed that the number of incidents investigated quintupled, but the number of compromised records dramatically decreased. The good news is that there wasn’t a major incident, unlike previous years, in which millions of...

Tags: jericho forum, security, sony playstation hack

After the breach - how secure is RSA's SecurID?

RSA's tokens are still a better bet than many of the alternatives

The recent breach announced by RSA affecting their SecurID tokens raises stark questions on this authentication system. We have not been told many details so far, but let's look at what could be affected.Each type of RSA SecurID hardware token...

Tags: authentication, security

The Internet that never forgets

Why it might be hard to legislate personal data out of existence

The EU has proposed legislation on websites being able to be asked to ‘forget’ user information and while this initially seems like a great idea for privacy there are a few issues which also need to be thought through. Let’s...

Tags: data breach, data loss

Datacentre defence starts at the front door

The raid on Vodafone tells us that security must also be basic

It doesn’t matter if you have invested in the cloud or not, computing applications require hardware to run on and a place to live. Nowadays, the general feeling is that datacentres are the best place for this to happen. But...

Tags: data breach, data loss, datacentre

Is Intel's IPT chip security as good as it sounds?

Identity Protection Technology turns Core microprocessors into hardware tokens. But questions remain.

Intel recently announced Identity Protection Technology (IPT), a capability to generate one-time passwords within a protected area in its latest Core family microprocessors.  IPT is separate from the operating system and works using special digitally signed applets.  Users can associate...

Tags: authentication, intel core