David Lacey's IT Security Blog

Recent Posts

  • Choose your business partners with care

    David Lacey 21 May 2010
  • I was staggered to read that authorities in a southern Indian state are planning to set up an outsourcing unit in a jail. They obviously think it's a good idea. But any customers that suffer a ...

  • Who cares about privacy?

    David Lacey 19 May 2010
  • Ten years ago I forecast that the concept of privacy would not survive the growing interests in mining the growing bonanza of personal information for commercial, security or espionage benefits. I ...

  • Time for a revolution in security management

    David Lacey 17 May 2010
  • Information security management has reached a strategic inflection point: a time from which the effectiveness of traditional countermeasures will decline sharply. Our approach to security ...

  • Security in outsourcing and offshoring

    David Lacey 09 May 2010
  • This week sees the publication of my new book "Managing Security in Outsourced and Off-shored Environments: How to Safeguard Intellectual Assets in a Virtual Business World". It's published by BSI ...

  • Physician, heal thyself - higher standards needed

    David Lacey 09 May 2010
  • It saddens me to see good security initiatives holed by sloppy security practice. My in-tray has been full of emails urging me to comment on reports about the lack of security in the web site for ...

  • Global perspectives on information security

    David Lacey 09 May 2010
  • Last week I was fortunate enough to be conducting keynote presentations in Hong Kong and Singapore. Amongst other things, it was fascinating to contrast the Asian perspective on information ...

  • Reflections on Infosecurity Europe

    David Lacey 03 May 2010
  • Last week's Infosecurity Europe was an excellent opportunity to compare notes with practitioners from hundreds of customer and vendor organisations. This year is an interesting one for information ...

  • Convergence of Physical and IT Security risks

    David Lacey 21 Apr 2010
  • I note that Convergence is back on the conference agenda, with a keynote panel, chaired by Dr David King, scheduled for the opening morning of next week's Infosecurity Europe. Keen supporters of ...

  • Passwords and the cost of security

    David Lacey 14 Apr 2010
  • A friend of mine drew my attention to an interesting article on the Boston Globe website which suggests our security advice to users is (literally) a waste of time. The feature was prompted by the ...

  • Time for mandatory standards for data quality

    David Lacey 11 Apr 2010
  • The recent report of the UK National Health Service confirming 21 cases in which the wrong organs may have been taken from donors because of data handling errors reflects a much wider problem of ...

  • Nature knows best

    David Lacey 11 Apr 2010
  • I've always believed that some of the best ideas for security can be found in nature. Death and sex, for example, hold essential lessons for systems survivability. The latest example of this type ...

  • The real economics of security

    David Lacey 01 Apr 2010
  • The Internet Security Alliance (ISA) and the American National Standards Institute (ANSI) have just published a guide "The Financial Management of Cyber Risk: An Implementation Framework for CFOs". ...