David Laceys IT Security Blog

Recent Posts

  • Forecasts for 2012

    David Lacey 20 Dec 2012
  • It's the time of year when pundits express opinions on the year ahead. And naturally I have my own views. Before that, let's take a quick look at my forecasts for 2012. How well did I do? Last ...

  • Towards real-time security

    David Lacey 23 Nov 2012
  • I've commented many times that cyber security management today is far too slow. It's the result of many factors: the treacle of standards and compliance; the need to gain business case approval for ...

  • Computer says No

    David Lacey 29 Oct 2012
  • A few postings ago, I mentioned the growing number of high-profile digital catastrophes reported in the media. And I wasn't referring to natural disasters such as fire and flood or deliberate ...

  • Reflections on RSA Europe 2012

    David Lacey 13 Oct 2012
  • For those of you who couldn't make RSA's latest thrash in London I can report that there were, as expected, no real surprises. It's a shame as cyber security is booming at a time when emerging ...

  • RSA Conference Europe 2012

    David Lacey 07 Oct 2012
  • This Tuesday marks the start of RSA Europe 2012. It's a leading brand and a major event. US vendors will be there in force, as will the cream of the European security community. The formula has ...

  • Media Trends in Cyber Security

    David Lacey 05 Sep 2012
  • I'm now back blogging after an extended break of several weeks. Unsurprisingly, nothing much has changed in the world of cyber security, except for the media coverage, which has grown in quantity, ...

  • One size should not fit all

    David Lacey 22 Jul 2012
  • I spend a lot of time working with big and small enterprises, helping with information security or risk management issues. What continues to amaze me is how much they differ in their security ...

  • Personal Continuity Planning

    David Lacey 08 Jul 2012
  • We have computers to thank for teaching us the importance of business continuity planning. The real objective might be to keep the business running rather than prop up the technology, but the ...

  • The Truth about Cyber Security

    David Lacey 17 Jun 2012
  • My blog postings have been very thin lately. This was due to my annual Scottish fly-fishing holiday (the highest priority in my calendar) followed by the Queen's Diamond Jubilee and a mass of catch ...

  • The Wild Western Art of War

    David Lacey 15 May 2012
  • You can't visit the Far East without contemplating the contrast between Eastern strategies of negotiation, and the less colourful philosophies of the Wild West. The Thirty-Six Chinese Strategies, ...

  • Impressions from the East

    David Lacey 13 May 2012
  • I'm just back from a week in the Far East where I was opening the 13th Info-Security Project Conference in Hong Kong. It's a couple of years since I last spoke at this conference so it was ...

  • Reflections on Infosecurity Europe week

    David Lacey 28 Apr 2012
  • I always look forward to Infosecurity Europe week, which guarantees a great congregation of security luminaries and practitioners in London. I say "week" because there is so much going on around ...

  • Death by a thousand facts

    David Lacey 24 Apr 2012
  • Death by a thousand facts is the title of a recently published academic paper by Geordie Stewart and me. It sets out to examine why mainstream information security awareness techniques have failed ...

  • What's the point of a management system?

    David Lacey 22 Apr 2012
  • My blog posting on OODA loops prompted a response from Andrew Yeomans, pointing out that Deming loops and Boyd loops are not mutually exclusive, i.e. you can have a slow moving management system ...

  • Oxford takes an interesting lead

    David Lacey 09 Apr 2012
  • A few weeks ago, along with some of the great and good, I attended the launch of the new Oxford University Cyber Security Centre. I wasn't expecting anything especially new but I have to say I was ...