Security Spotlight

RSSSubscribe to this blog
About Author

Contact Author

Email Security

Recent Posts

Open source security software

The great debate

One of the most interesting debates in IT/infosec circles is around the use of and reliance upon open source security software. Open source security software has its share of fans as well as detractors. As one of its avid fans,...

Tags: alienvault, open source, security

How to make sure you don't end up with a Snowden-sized security leak

Risky business outsourcing....

You can’t move much these days for news of PRISM whistle-blower Edward Snowden, the information security engineer who walked out of his job at US defence contractor Booz Allen Hamilton last month with “thousands” of top secret US government documents....

Tags: booz allen hamilton, data breach, edward snowden, national security agency, prism, security, snowden, trend micro

Why the UK shouldn't fear a Cyber Pearl Harbour

Don't relax, but don't believe all the security hype

There’s no doubt that “Cyber Pearl Harbour” is a great headline, evoking memories of the devastating surprise attack by Japanese fighters on a US military base that forced the States into World War 2. Information security commentators and politicians alike...

Tags: cloud computing, national crime agency, national cyber crime unit, scada, security, trend micro

The architects of our own destruction

Caesar, infrastructure, outsourcing and offshoring

I never wanted to spend my life in IT. I passed a programming exam at high school because I promised the teacher I would never return. It was the hardest 50% I ever had to work for! My passions were...

Tags: certificate authority, firewall, jericho foorum, roman empire, security, venafi

The world's first cyberwar has started

The USA threw some big rocks at Iran, which is now throwing some back

We can now say with some certainty that the world’s first cyberwar is upon us, unfolding behind the scenes with a rising level of intensity, so far pretty much ignored by all but the need-to-knows.On one side are the US...

Tags: ddos, denial-of-service attack, iran, public sector, security, shamoon, stuxnet, us government

Five common practices that lead to failed IT compliance audits and security breaches

Avoiding the auditor's trap is a strong motivator, but avoiding falling into a criminal's trap has got to be the ultimate goal

To put it simply, privileged accounts are like the keys to the kingdom of IT. They grant access to sensitive data and configuration settings. They’re rarely changed in most organisations, yet they’re known to nearly everyone. They don’t have the same...

Tags: admin logins, applications, audit, password policies, security

Twitter, stress and confusion will define the security landscape in 2013

In 2013, we can expect to see more and more companies not only "embracing" but also "adjusting" to the new social landscape

2012 was a year where Twitter became an integral part of everyday lives. For some, Sally Bercow perhaps being the most high-profile example from the UK, 2012 was also the year where Twitter had to be relegated to the past....

Tags: byod, defamation, mobile & wireless, mobility, privacy, sally bercow, security, twitter

How to secure everything, everywhere

With employees increasingly moving away from the desktop, how can businesses embrace the benefits of mobile working while ensuring the management and security of these devices?

The typical business cannot afford to keep up with the short upgrade cycle that drives consumer purchases, but can increase efficiency and cut operational costs by allowing employees to use their own devices in the working environment, allowing the organisation...

Tags: applications, byod, centrify, data loss, mobile & wireless, security

Mature IT: It's time for IT departments to enforce grown-up passwords and intelligent monitoring

To ensure security through variation, IT should not enforce just one syntax across the whole company

Organisations have a continuing problem with password management. Users don’t like complicated passwords; helpdesks don’t like resetting forgotten passwords, and managers don’t like seeing them stuck to the PC monitor.There’s no way round it, it’s essential to create strong passwords...

Tags: applications, hp enterprise security, outlook, risk management, security

Security best practice - Why should you care and what should you do?

It's a catch 22 situation - but it doesn't have to be

Organisations of all sizes and industries maintain extensive financial, customer and mission-critical business data. However, when sensitive information is misused or compromised, organisations will often pay a heavy price. Recent high-profile security breaches have cost millions in revenue and lost...

Tags: certificate authority, public-key cryptography, security