Security Spotlight

RSSSubscribe to this blog
About Author

Contact Author

Email Security

Recent Posts

Putting the 'Cover' into Disaster Recovery

Combine regular testing of physical disaster recovery procedures and automated data protection testing

When Hurricane Sandy struck New York, images of the storm-battered city soon eclipsed other pictures from its destructive course across the Caribbean and Atlantic. It also made clear nature’s effect on business. The New York Stock Exchange was closed for...

The eBay breach: Big brands can no longer protect their users

If the attack happened in February or March, it’s long past the point where a reset will stop possible secondary compromises

Megabrand eBay has fallen to the hackers - do the world’s most powerful brands know what they’re doing? Yesterday eBay set in motion what must be the largest password reset in Internet history after asking its entire user base of...

Tags: ebay, encryption, hacking, password, security

Making risk assessment less risky for critical infrastructure

Targeted cyberattacks are not random so risk assessment is complex

It is the calm before the cyber storm. Over the past several years, critical infrastructure cybersecurity has become a top-of-mind concern for utility managers and for governments alike. Ever since the Stuxnet malware damaged Iranian uranium enrichment facilities, security experts...

Tags: public sector, risk assessment, risk management, security, stuxnet, utilies, waterfall security

Open source security software

The great debate

One of the most interesting debates in IT/infosec circles is around the use of and reliance upon open source security software. Open source security software has its share of fans as well as detractors. As one of its avid fans,...

Tags: alienvault, open source, security

How to make sure you don't end up with a Snowden-sized security leak

Risky business outsourcing....

You can’t move much these days for news of PRISM whistle-blower Edward Snowden, the information security engineer who walked out of his job at US defence contractor Booz Allen Hamilton last month with “thousands” of top secret US government documents....

Tags: booz allen hamilton, data breach, edward snowden, national security agency, prism, security, snowden, trend micro

Why the UK shouldn't fear a Cyber Pearl Harbour

Don't relax, but don't believe all the security hype

There’s no doubt that “Cyber Pearl Harbour” is a great headline, evoking memories of the devastating surprise attack by Japanese fighters on a US military base that forced the States into World War 2. Information security commentators and politicians alike...

Tags: cloud computing, national crime agency, national cyber crime unit, scada, security, trend micro

The architects of our own destruction

Caesar, infrastructure, outsourcing and offshoring

I never wanted to spend my life in IT. I passed a programming exam at high school because I promised the teacher I would never return. It was the hardest 50% I ever had to work for! My passions were...

Tags: certificate authority, firewall, jericho foorum, roman empire, security, venafi

The world's first cyberwar has started

The USA threw some big rocks at Iran, which is now throwing some back

We can now say with some certainty that the world’s first cyberwar is upon us, unfolding behind the scenes with a rising level of intensity, so far pretty much ignored by all but the need-to-knows.On one side are the US...

Tags: ddos, denial-of-service attack, iran, public sector, security, shamoon, stuxnet, us government

Five common practices that lead to failed IT compliance audits and security breaches

Avoiding the auditor's trap is a strong motivator, but avoiding falling into a criminal's trap has got to be the ultimate goal

To put it simply, privileged accounts are like the keys to the kingdom of IT. They grant access to sensitive data and configuration settings. They’re rarely changed in most organisations, yet they’re known to nearly everyone. They don’t have the same...

Tags: admin logins, applications, audit, password policies, security

Twitter, stress and confusion will define the security landscape in 2013

In 2013, we can expect to see more and more companies not only "embracing" but also "adjusting" to the new social landscape

2012 was a year where Twitter became an integral part of everyday lives. For some, Sally Bercow perhaps being the most high-profile example from the UK, 2012 was also the year where Twitter had to be relegated to the past....

Tags: byod, defamation, mobile & wireless, mobility, privacy, sally bercow, security, twitter