
Sapsiwai - Fotolia
David Laceys IT Security Blog
Information security expert David Lacey discussed the latest ideas, best practices, and business issues associated with managing security.
January 2007
-
Gaining the Attention of Management Boards
31 Jan 2007 -
Moore's Law and Security
28 Jan 2007 -
White Hats Do Good
28 Jan 2007
This week it’s been put to me several times that the major problem for the Security function is gaining the attention and support of Management Boards. This surprises me because contemporary ...
Intel’s announcement that they will start manufacturing processors with transistors 45 nanometres wide means that Moore’s Law remains intact. For several years pessimists have speculated that this ...
Friday’s excellent White Hat Ball demonstrated that security professionals can deliver value to the Community, by raising a substantial amount of money for the Childline Charity. It was great to ...
-
Security and the Environment
26 Jan 2007 -
Time to Publicise Security Incidents?
24 Jan 2007 -
Employee Monitoring - a hot topic for 2007
22 Jan 2007 -
Designer Firewalls
21 Jan 2007 -
More Testing Please
20 Jan 2007 -
The Perils of Mis-addressed Communications
17 Jan 2007 -
Better Authentication Needed to Counter Man-in-the-Middle Attacks
17 Jan 2007
It’s always interesting to see what’s currently on the CIO agenda, so I took a couple of days out this week to attend Information Age’s Effective IT Summit at the Vale Hotel in Cardiff. Gaining ...
Ed Gibson's comments on my recent posting on "information security fatigue" raise a timely and important issue: Should we now publicise security incidents? I'm in favour. Compliance is already ...
Tonight I'm again debating the subject of Employee Monitoring at a CISO dinner. I've already posted some thoughts on this subject. But I've noticed quite a lot of interest and debate now being ...
For some months I’ve been beta testing an entirely new form of firewall. In fact it’s much more than that with 13 layers of security protection contained within a smart, pocket-size USB device that ...
It was refreshing and reassuring to see the Home Office coming clean about the lessons learned from the failure last year if its Electronic Passport Application system. I can understand the ...
Stuart King's blog posting on the danger of accidentally misaddressing emails reminded me of an incident I came across several years ago. But this was the opposite problem. Wrong source rather than ...
RSA have reported the discovery of a “Universal Man-in-the-Middle Phishing Kit” offered for free trial on an online fraudster forum. The kit enables fraudsters to create a fraudulent URL via a ...
-
Database Security - Patching is not enough
12 Jan 2007 -
Countering the Threat of Information Security Fatigue
10 Jan 2007 -
Who Needs Firewalls?
09 Jan 2007 -
ATM Security - and how not to improve it
06 Jan 2007 -
Lookalikes
06 Jan 2007
Next Tuesday, 16th January 2007, Oracle will issue 52 critical patches. It’s clearly a great leap forward for database vulnerability management. But it also illustrates the size of our security ...
Charles Pask's comments on my recent blog postings raise an interesting and realistic new threat: that our industry might lose credibility due to non-events, because we are simply too good at what ...
Reading a recent Techtarget email summary of security content from 2006 pointed me to an excellent paper "Security without firewalls: Sensible or silly?" about the San Diego Supercomputer Center's ...
The newspapers are full of stories about Ross Anderson’s experiments with ATMs, demonstrating something we already know quite well, which is that if you spend enough time in a laboratory with a ...
Looking at a couple of web sites from security vendors, I noticed a curious resemblance in the photographs. Chronicle Solutions, a UK vendor of digital communications monitoring solutions, and High ...