Information Security Policies: Knowing Who and How to Trust

After reading my previous post, you may think that greedy/evil/incompetent co-workers are a few steps away from causing data-breach related havoc. And that feeling in the pit of your stomach is the realisation that your own actions (or indeed lack thereof) may have played a part.

When it comes to insider threat, we have to acknowledge that we all sit somewhere along the spectrum. Not only that, but the more senior we are and ...

Making Vendor Risk Management Part of Your Security Strategy

When we think of Vendor Risk Management (VRM), there’s usually a policy or a procedure, possibly even a process to follow – and for good reason. The consistent approach that effective VRM gives you should lead to lower financial and strategic risks, increased admin efficiencies, reduced costs and quicker onboarding of suppliers.

A painful lesson this year has taught businesses is that they are only as resilient as the vendors they rely on. A promise is only ...

How the pandemic changed everything and nothing

This is a quick look back over the last six months or so: what’s changed in the world of work and cybersecurity and how businesses have responded. I wasn’t sure how to title this post. I don’t think words like ‘review’, ‘lessons learned’ or ‘takeaways’ really do justice to the scale of the situation, but ‘What the …. just happened?’ seems a bit strong.

That being said, from my research and conversations with people in the companies that have ...

NIST Privacy Framework – Your Foundation for Future Privacy Compliance

In preparing to write an article about the NIST Privacy Framework I asked some friends who work in infosec and data protection for their thoughts. With few exceptions the conversation went:

“Oh, you mean the NIST CyberSecurity Framework.”

“No, the Privacy Framework”, I’d reply.

“I’m pretty sure it’s Cybersecurity.”

“I’ll send you a link.”

It’s not surprising that it’s gone under the ...

Are You in the Dark About Visibility?

You can’t have good posture without good visibility. This is not a phrase I’ve picked up during those hours of internet yoga classes during lockdown; try saying that in a real life yoga class and you’ll get some very funny looks indeed. But it does describe the core of an effective cybersecurity strategy.

Your ‘Security Posture’ is a combination of factors:

  • Your awareness of current and changing cybersecurity threats.

Why bother hacking when firms keep leaving the doors wide open?

If your company suffered a data breach, wouldn’t it be at least a bit comforting if you knew it was because an army of criminal geniuses had spent months trying to penetrate your fortress-like defences?

Imagine the effort they must have gone through. They’ve tried every form of phishing, spearphishing, smishing, vishing and whaling. They’ve sent fake printer and HVAC engineers to try to penetrate the data centers. They’ve tried to get their spies recruited to ...

Zoom: How to Avoid Cyber Security Video Conferencing Pitfalls

There has been quite a trend in recent years of companies going from zeroes to heroes to villains in a short space of time: think Uber and WeWork. 

Unsustained growth can pose problems, particularly if you do not take cybersecurity seriously. 

Enter Zoom. Its fast growth caught the attention of bad actors and security researchers alike. Here are just a few of the recent security issues that have been raised. 

Coronavirus And The Sudden Remote Worker Cybersecurity Problem – 5 Things to Consider

While the Covid-19 situation is changing rapidly, companies need to prepare for any eventuality. For IT departments, this means that, at any moment, any number of staff might be required to stay at home for a period of quarantine or self-isolation at very short notice. 

Where appropriate, companies ought to consider how they can keep their employees productive if they can’t come into work for a few weeks. 

In many cases, a remote working setup might ...

Backup Strategy in six points (and a free mnemonic)

Good backup strategy = a better night’s sleep. It’s as simple as that.  It’s also difficult to get right and needs constant tweaking, not just because the amount of data we’re producing is growing exponentially, but also because the options for quick, secure backup are increasing, and that’s a very good thing!

Conversely, bad backup strategy is worse than useless as you can pay a lot of money for a big bag of false hope.

Why ...

Security Benefits and Perils of Serverless Computing

Whether you run your infrastructure in-house or in the cloud, you’ve probably heard of serverless computing, and how it can make running applications easier and cheaper. But is it all it’s cracked up to be, and is it more secure than running ‘always on’ servers?

Let’s start with the obvious advantages:

No infrastructure to maintain, not even virtual

With serverless computing, you don’t have to worry about provisioning servers, not even virtual ones. Your code runs ...
