Stuart King's Security and Risk Management Blog
Dealing with the operational challenges of information security and risk management
Archives
2008.05.13:
Data Loss Epidemic
2008.05.12:
HSBC lose a server
2008.05.10:
Insider Threats: the biggest Information Security risk
2008.05.09:
Laptop encryption
2008.05.07:
Peter Gabriel Web Server Stolen
2008.05.06:
Microsoft Senior PC - not just for the elderly
2008.05.05:
Top five information security blog posts
2008.05.02:
Web scam suicide
2008.05.01:
Is security really a business enabler?
2008.04.30:
Traffic stats and the top 10 blogs
2008.04.29:
Portable Identity and the BBC
2008.04.28:
Petty local government bureaucracy alive and well!
2008.04.28:
On trial - role of the CISO
2008.04.24:
Nigerian 419 scam on LinkedIn
2008.04.22:
Reindeer meat and a new industry portal
2008.04.21:
We are the weakest link
2008.04.20:
Clear communications
2008.04.15:
Infosec Europe
2008.04.14:
Positive Approach to Security Requests
2008.04.14:
Too much thinking
2008.04.09:
End to end trust
2008.04.07:
Spam - still hard to stomach
2008.04.04:
Flattery will get you nowhere
2008.04.03:
Sexing up the logs
2008.04.02:
Quick risk assessment tips
2008.03.31:
10 things learnt in the last 12 months
2008.03.25:
On the road again
2008.03.23:
The First Rule of Programming: It's Always Your Fault
2008.03.19:
Network IPS Systems - still worth buying?
2008.03.18:
Bad Phorm
2008.03.16:
Malware in MP3 players
2008.03.15:
Web Security - Scanners, Firewalls and the SDLC
2008.03.14:
Malware still the biggest threat
2008.03.12:
2008 Budget - On biometrics at Heathrow
2008.03.10:
Consumer networks for business use
2008.03.08:
Tall stories from Chinese hackers
2008.03.07:
Biometrics would not have prevented SocGen incident
2008.03.04:
Counterfeit Cisco gear threatens more than the network
2008.03.04:
Security BPM
2008.02.29:
Cold Boot Encryption Hack - Follow Up
2008.02.29:
HMRC appoints 37 data guardians
2008.02.28:
Professional Accreditation - IISP
2008.02.27:
Risk assessment - a basket case
2008.02.25:
YouTube Outage - Consumerisation Risks Come Real
2008.02.24:
Real cost of a data breach
2008.02.23:
Laptop Disk Encryption Vulnerabilities
2008.02.23:
Google Hacking Tool Released
2008.02.21:
Infosec Spain
2008.02.18:
Biometric security -
2008.02.14:
My security department is not wasting its time
2008.02.13:
Thin client computing
2008.02.11:
Travel Tales
2008.02.11:
Personal Web Mail Security Risks
2008.02.10:
Anti-Malware Testing Standards Organization
2008.02.09:
One Step Closer to Internet Single Sign-On
2008.02.06:
Think Tank on Social Networking
2008.02.05:
Availability and Security
2008.02.04:
Technical controls versus people and process
2008.02.03:
PCI scanning
2008.02.03:
Blindside Blog
2008.02.03:
Metrics - not quite there yet
2008.01.30:
Can Agile development be secure? Yes it can!
2008.01.26:
Janet & John Security
2008.01.24:
Security Metrics - Are we secure?
2008.01.22:
Government Data Loss
2008.01.21:
The Dark Visitor
2008.01.20:
Going round in circles
2008.01.20:
Online security - a new approach needed
2008.01.18:
Egg on my face?
2008.01.17:
ICO plea to business
2008.01.14:
What CIOs should be doing about security in 2008
2008.01.13:
Chinese Hackers - are we under attack?
2008.01.10:
Hacker safe? No it isn't.
2008.01.09:
Snack attack
2008.01.09:
Use this blog with caution
2008.01.08:
Infosec Podcasts
2008.01.08:
Hard sales
2008.01.07:
Managing data - getting the definitions right
2008.01.06:
RFID Passports
2008.01.05:
Politics of Security
2008.01.02:
Good blogs
2008.01.01:
Happy New Year
2007.12.31:
Securing home access to the network
2007.12.27:
VoIP Security
2007.12.26:
Millennials and Risk
2007.12.20:
Challenges ahead
2007.12.19:
Microsoft Developers Highway Code
2007.12.18:
L-Driver data breach: L-Government?
2007.12.17:
Are we feeling a little vulnerable?
2007.12.16:
Prediction for 2008 - more targeted attacks
2007.12.12:
Dangerous developers
2007.12.11:
Skype me!
2007.12.10:
Physical Security Controls
2007.12.09:
I admit it - I'm a geek at heart
2007.12.08:
Start taking security seriously
2007.12.05:
Where did all the data go?
2007.12.04:
Computer Weekly Social Networking Survey
2007.12.03:
Customer 2.0
2007.12.02:
Travel Tales
2007.12.02:
Operation Bot Roast II
2007.11.29:
2007 Data Breach Survey
2007.11.28:
Biggest corporate security threats
2007.11.28:
Dangers of third party content
2007.11.27:
200 Today
2007.11.27:
Password strength
2007.11.26:
Changing threat environment
2007.11.25:
Data breach analysis
2007.11.22:
HMRC - further comment
2007.11.21:
HMRC Data Incident
2007.11.19:
Virtual Worlds - Where are the rules?
2007.11.18:
Security Metrics
2007.11.17:
Spam is still a threat
2007.11.15:
Database Security - Facts are stubborn things, but statistics are more pliable
2007.11.14:
Psychology & Security
2007.11.14:
Database Log Management Paper
2007.11.12:
Bot Master Banged to Rights
2007.11.11:
Salesforce.com Phishing & Security Awareness
2007.11.10:
Malware - continuing threat (Pt. 2)
2007.11.09:
Malware - continuing threat (Pt. 1)
2007.11.08:
Proving the effectiveness of desktop controls
2007.11.07:
Infosec Steering Committee
2007.11.06:
More on the consumerization of IT
2007.11.05:
Non-company equipment on our networks
2007.11.03:
CISSP - is it worthwhile?
2007.11.02:
Infosec Europe Hall of Fame
2007.11.01:
Risk and control
2007.10.31:
The 10 deadly sins of information security management
2007.10.30:
$10million supermarket scam
2007.10.30:
EDS & BSkyB - A lesson for us all
2007.10.29:
New PCI mandates
2007.10.29:
Consumer Products in Enterprise Networks
2007.10.27:
Data leaks - what can we do?
2007.10.27:
Back to Earth
2007.10.26:
Personality in Security
2007.10.25:
AppExchange Update
2007.10.25:
Opinion on the veto of AB779
2007.10.25:
SFDC - AppExchange Certification Process
2007.10.25:
Microsoft Security Intelligence Report
2007.10.23:
Is security a "should" or a "must"
2007.10.22:
Latest on application security
2007.10.21:
More on ROI
2007.10.20:
ROI of IPS
2007.10.19:
Disaster recovery plans fail
2007.10.19:
All in a days work
2007.10.18:
Frank Abignale Interview
2007.10.18:
Daycon
2007.10.17:
Network security budgets
2007.10.17:
IPS - to buy or not to buy
2007.10.16:
LinkedIn - The first million is the hardest
2007.10.16:
Security Key Performance Indicators
2007.10.15:
Who owns the data?
2007.10.14:
The Art of War for Security Managers
2007.10.13:
PaaS - Amazon EC2 & Force.com
2007.10.12:
GAO report on data breaches
2007.10.11:
Infosec Europe - Podcast on social networking
2007.10.11:
An image - at last!
2007.10.10:
Online identity - My space?
2007.10.10:
Discussion on the scope of Information Security
2007.10.09:
Botnets
2007.10.08:
Threat Expert
2007.10.08:
Storm Worm
2007.10.07:
Information Security reporting lines
2007.10.07:
How to make a nice cup of tea
2007.10.06:
A view on security budgeting
2007.10.05:
Project Management and Security
2007.10.04:
Getting to know you.
2007.10.02:
Insecure code and automated testing
2007.10.02:
Security Awareness -
2007.10.01:
ISO 27001
2007.10.01:
iPhone Updates
2007.09.29:
Importance of logs
2007.09.27:
LinkedIn Article
2007.09.27:
Infosec Podcasts
2007.09.26:
PCI Compliant? Let's focus on security instead...
2007.09.25:
Insider Threat
2007.09.24:
Sacked for using eBay - what a waste of time...
2007.09.22:
Salesforce.com - Is that the way we all go?
2007.09.20:
Data Protection Act - What's the Damage?
2007.09.19:
Gartner IT Security Summit - Day 2
2007.09.18:
Gartner IT Security Summit - day 1
2007.09.17:
Skype again
2007.09.15:
Stating the value of having a risk model
2007.09.13:
Hacker proof encryption
2007.09.13:
CISSP - is it worth it?
2007.09.12:
Security Metrics
2007.09.09:
Too much faith in vulnerable technology?
2007.09.07:
HSBC new two-factor authentication system
2007.09.06:
Never say "No"
2007.09.05:
Back on the job
2007.04.10:
Useful Links
2007.04.09:
Hacking with Metasploit
2007.04.04:
Rats in a sewer - Pt2.
2007.04.04:
NT4 Security
2007.04.03:
Crime and security
2007.04.03:
Application logging
2007.03.31:
A Saturday Comment
2007.03.28:
Another laptop theft
2007.03.28:
Use of Skype
2007.03.27:
Data Breaches Can Hit Anyone
2007.03.26:
Moving on...
2007.03.24:
More on PCI - the audit guide
2007.03.22:
How to get work in Information Security
2007.03.21:
More on documenting security requirements
2007.03.20:
Developer training or an Application Firewall - you decide..
2007.03.20:
RSA Anti-Fraud Service
2007.03.20:
RSA Anti-Fraud Service
2007.03.19:
ISO Certification
2007.03.16:
Security Awareness
2007.03.15:
Kids and the Internet
2007.03.14:
Attackers, hackers, and the CMA
2007.03.13:
Bank login procedures - soapbox
2007.03.12:
Risk assessment - how many locks?
2007.03.09:
OWASP - Secure Development Projects
2007.03.08:
OneCare - correction to earlier blog
2007.03.08:
Identity Management Survey
2007.03.06:
Microsoft OneCare - do we care?
2007.03.05:
A new secure software special interest group
2007.03.05:
Building an information security strategy
2007.03.01:
Thoughts on UTM
2007.02.28:
Desktop AV - is Vista enough?
2007.02.27:
Risk appraisal and acceptance process
2007.02.26:
Compliance and risk
2007.02.23:
OWASP Testing Guide v2
2007.02.22:
Scope of Information Security
2007.02.22:
Man on train displays password
2007.02.21:
Importance of process
2007.02.20:
Marketing security
2007.02.19:
Threat modelling and risk ownership
2007.02.18:
Colour blind
2007.02.15:
Two factor authentication and PayPal
2007.02.12:
Zero day attacks
2007.02.10:
DWP pension letter mix-up
2007.02.09:
Portable wireless hacking device
2007.02.08:
Risk Assessment Process
2007.02.07:
OpenID news
2007.02.06:
Opinion on the IISP
2007.02.05:
Vista views
2007.02.05:
Data handling security
2007.02.02:
Question on complex passwords
2007.02.01:
OWASP
2007.01.31:
More on the smartcard story - a solution
2007.01.30:
Smartcard sharing
2007.01.30:
Outsourced challenges
2007.01.24:
Assessing data handling
2007.01.24:
Downside of vulnerability testing
2007.01.23:
Levels of detail
2007.01.22:
Risk perceptions and historical data
2007.01.19:
Compliance, change control, and firewalls
2007.01.17:
Web site password policy
2007.01.15:
Going to America
2007.01.12:
More incident response
2007.01.12:
Unit testing software
2007.01.11:
Incident definition and response
2007.01.10:
Risk assessment software deployment
2007.01.09:
It's the developers fault....is it?
2007.01.08:
Another unstructured blog
2007.01.08:
A matter of life and death
2007.01.06:
Show me the evidence
2007.01.05:
PCI makes for "Superior Security"
2007.01.04:
Rats in a sewer...
2007.01.03:
How important is this?
2007.01.03:
Importance of security in the SDLC
2007.01.02:
Importance of documenting requirements
2006.12.27:
What motivates a web site attack
2006.12.23:
Saturday Soapbox
2006.12.22:
Perceptions are the key to mitigating risk
2006.12.21:
It can happen anywhere
2006.12.20:
VISA PCI Incentives
2006.12.19:
More on risk assessment
2006.12.18:
Real world risk assessment - don't forget to consider costs
2006.12.16:
Saturday Soapbox
2006.12.15:
Safeguarding data - it's all in the process
2006.12.12:
Regulatory Compliance - we need more detail
2006.12.12:
More on outsourcing: software development
2006.12.11:
Perception of outsourcing
2006.12.08:
Return on Security Investment
2006.12.07:
Wireless
2006.12.06:
New software debate
2006.12.05:
Passwords
2006.12.04:
Getting the documentation right
2006.12.02:
Security Perceptions
2006.12.01:
Web 2.0 Security
2006.11.30:
Microsoft and Vista
2006.11.29:
Campaign for clear talking
2006.11.28:
More on metrics
2006.11.27:
Process and Security
2006.11.26:
Security Certifications
2006.11.24:
Financial impact of security incidents
2006.11.23:
Happy Thanksgiving (and more on vulnerability scanners)
2006.11.22:
Application Firewalls
2006.11.21:
OWASP
2006.11.20:
Vulnerability Scanners
2006.10.30:
Security & Risk Blog