David Lacey's IT Security Blog

Recent Posts

  • Meeting the demands of the contemporary security market

    David Lacey 09 Apr 2012
  • It's been a long time since I last blogged. It's been due to excessive commitments. Freelance work has been thick and fast since the beginning of the year, reflecting an increasingly robust ...

  • The wrong type of loop

    David Lacey 21 Feb 2012
  • We all know that information security management only works if we "close the loop", i.e. that telling people to do things does not work unless you check they are actually doing it. The problem is ...

  • Our only hope lies with Academia

    David Lacey 17 Feb 2012
  • Lately I've been spending more time lecturing to universities (Oxford and Surrey this week, Portsmouth the week after next). At each session I set out to present what's wrong with Information ...

  • Business continuity management for small companies

    David Lacey 15 Feb 2012
  • My latest book "Business Continuity Management for Small and Medium Enterprises" has just hit the streets. Inspired by the Cabinet Office and published by BSI it aims to simplify the essential ...

  • Trust and Society

    David Lacey 14 Feb 2012
  • I used to think that Bruce Schneier was out of touch with industry CISOs, but now I think that they are out of touch with him. He's come on tremendously in recent years. I saw him present to the ...

  • Up close and personal

    David Lacey 14 Feb 2012
  • We all know there's no such thing as a free lunch. Rose Ross, a PR adviser, bought me one last week. The payback was a personal interview on her Countdown to Infosecurity site. I tried to be light ...

  • Boutique consultancies are back in fashion

    David Lacey 08 Feb 2012
  • It's been a few weeks since my last blog posting. That's the bad news. The good news is that it's the result of being rushed off my feet with consultancy assignments. Interestingly it's not my ...

  • Time to come clean about the state of our security

    David Lacey 18 Jan 2012
  • There's talk that corporate security is now so ineffective that breaches are inevitable and the focus must therefore switch to detecting, containing and responding to intrusions, rather than aiming ...

  • Six security forecasts for 2012

    David Lacey 29 Dec 2011
  • My crystal ball tells me that 2012 is a relatively predictable one. That's largely because we've experienced significant changes in the political, business and security landscapes, ones that are ...

  • Security Forecasts for 2011 - Right or Wrong?

    David Lacey 26 Dec 2011
  • As we near the close of 2011, I find it instructive to look back and see just how accurate my forecasts proved to be. At the start of the year I forecast three major shifts in thinking during 2011. ...

  • No fix in sight for SCADA security

    David Lacey 16 Dec 2011
  • Well done for Shell for drawing public attention to the serious hazards presented by cyber attacks on physical machinery. Unfortunately it's much too late. Today's critical infrastructure is ...

  • Small businesses need better security advice

    David Lacey 13 Dec 2011
  • I was concerned to read a recent report of a study by SecurityMetrics, a vendor of merchant data security solutions, which claims that 71% of the merchants who took part were found to store ...

  • Following the rules of the game

    David Lacey 11 Dec 2011
  • Michael Colao's excellent presentation to the ISSA-UK Chapter last week on the legal implications of social networking got me thinking. Not so much about the letter of the law, but more about the ...

  • Communicating information quickly and efficiently

    David Lacey 10 Dec 2011
  • Information security practitioners have long been poor at developing awareness materials. Partly this is because misguided governance systems focus on legalistic policies and procedures that no one ...

  • Another elephant in the Cloud

    David Lacey 07 Dec 2011
  • Experienced professionals don't need Machiavelli to point out that introducing change is difficult, not just from a technical perspective but also from a political or legal one. Outsourcing and ...