David Laceys IT Security Blog

Recent Posts

  • In search of innovation

    David Lacey 15 Nov 2010
  • A colleague of mine recently commented on the 'herd behaviour' that has become commonplace in the information security community. It's a dangerous trend, which stifles innovation. And it's often ...

  • Next generation security technology

    David Lacey 31 Oct 2010
  • Many years ago, I predicted the death of the firewall. Many people were surprised at this statement. Firewalls were seen as an essential line of defence. But it was clear, even then, that simple ...

  • Can critical infrastructure be secured without standards?

    David Lacey 26 Oct 2010
  • According to Computerworld, the Australian Federal Attorney-General's Department has ruled out regulation of security standards for supervisory control and data acquisition (SCADA) systems for ...

  • Preparing for the next decade

    David Lacey 24 Oct 2010
  • Last week the ISSA-UK advisory board met at the House of Commons for dinner with a number of invited security luminaries to discuss the prospects for information security over the next decade. The ...

  • Countering cyber attacks

    David Lacey 18 Oct 2010
  • It's good to read that the UK Government is finally waking up to the fact that cyber attacks are a serious threat to the nation. In fact it's always been so. Why? Because we don't build secure ...

  • Reflections on RSA Conference 2010

    David Lacey 15 Oct 2010
  • The improving value of the British pound against the dollar makes visits to the USA more attractive. But if you just wish to experience the culture, you need to go no further than London Hilton ...

  • The perils of security metrics

    David Lacey 11 Oct 2010
  • Levels of spam are currently down, quite substantially. It's reportedly because a major source has gone off the air. But has the threat gone away? Unfortunately not. In fact, it illustrates one of ...

  • Risk communications that hit home

    David Lacey 11 Oct 2010
  • The most effective risk communications focus on consequences that are personal, immediate and certain. Authority, confidence and a small amount of exaggeration can help. So how about this ...

  • Security for Small/Medium Sized Organisations

    David Lacey 05 Oct 2010
  • Earlier this year I conducted research, on behalf of the Information Commissioner's Office, into the security requirements of small/medium sized enterprises, working with Barry James, a developer ...

  • Waking up to the emerging cyber security threat landscape

    David Lacey 04 Oct 2010
  • My blog has been very quiet lately as I've been on vacation. I seem to have come back to a changed world, one which has woken up to the reality that industrial process supervisory systems are ...

  • Cyber security comes of age

    David Lacey 08 Sep 2010
  • It's rare to find sensible discussion of cyber security topics by authoritative bodies. I was highly impressed, therefore,to find a reasonably informed paper by the Council on Foreign Relations, a ...

  • Cloud computing contracts

    David Lacey 07 Sep 2010
  • I've long believed that Cloud computing will not be taken up by large corporate until much better legal and security assurances are provided. I'd even go as far as to say that we need a brand new ...

  • Jumping to conclusions

    David Lacey 27 Aug 2010
  • I've written before about the continuous growth in spin, FUD and disinformation that we can expect to experience in the Information Age. It's a natural and inevitable consequence of networks. ...

  • Hardware security hits the road

    David Lacey 25 Aug 2010
  • However smart or daft you think Intel might be to pay a hefty premium of 60% to buy McAfee, there's no doubt that this $7.7 billion acquisition represents a major event in the security solution ...

  • Trends in threats

    David Lacey 24 Aug 2010
  • The latest Kaspersky Labs analysis of Information Security Threats in the Second Quarter of 2010 is essential reading. It's by far the best of the vendor research summaries of malware trends.This ...