Information Security Strategy, Part 1

The Problems of Security Testing and Unmanageable Reports

I’d like to talk a little bit about security testing, the problem of information overload and issue prioritisation. To do this I intend to broadly discuss some of the problems with the various options for security testing that organisations have. I’ve written about some related things before, if you’d like a warm up: Vulnerability Assessments vs Penetration Tests; Security is Hard: Why are you laughing; Security is Hard: Where do I start. However, I’d like to look at security a little more strategically today and to discuss the wider problems …


Security is Hard; Why are you laughing?

This weekend I posted a tweet, a short simple statement with a lot hidden behind it: “Security is Hard”. I was trying to provoke discussion around two opposite ends of the security spectrum: the idea that security is so difficult that we might as well abandon the whole idea, and the idea that security is trivially simple but there are certain blockers in the way (such as managerial denial, being understaffed, tech debt) which are preventing any real progress. The idea being that people are laughing at the statement “Security is hard” because they so wholeheartedly believe one of …


Staying Safe Online: Privacy

Criminals try to gather information about us online in order to scam us and steal our identities. In America in 2012, identity theft cost the average victim $365 and 12 hours of work to rectify. In 2013 there were 13.1 million U.S. adult victims; that’s nearly one victim every two seconds! That figure represents 5.5% of U.S. adults. This is why being savvy with our online privacy is important!
