David Laceys IT Security Blog

Recent Posts

The slow, painful death of real information security
David Lacey 02 Jul 2011

I've blogged before about the perils of best practices and standards, and the crippling effect of compliance on security programmes. The consequences, however, are getting more serious as these ...

Countering Advanced Persistent Threats
David Lacey 11 Jun 2011

This week's ISSA-UK Chapter meeting addressed the subject of the Advanced Persistent Threat (APT). It was illuminating to hear four very different perspectives from a government expert, an ...

Self-encrypting drives
David Lacey 07 Jun 2011

I've long been an enthusiastic supporter of self-encrypting drives (SEDs), a technology that offers substantially better performance and security than software-based encryption solutions. SEDs can ...

Lessons from the attack on Lockheed Martin
David Lacey 03 Jun 2011

Regardless of who got access to what (if anything) in the recent reported cyber attack against Lockheed Martin, this incident contains valuable lessons for everyone. Here are some key principles to ...

Why you need an elevator pitch
David Lacey 20 May 2011

Ian Cook's excellent Dragon News Bytes drew my attention to an article in the Wall Street Journal on the importance of having a prepared elevator speech. It's an essential requirement for any CISO, ...

Keep it Simple Stupid
David Lacey 19 May 2011

One of the most important principles to observe in information security management is the KISS principle. Users will only accept solutions that are fast, cheap and simple. Security is a "grudge ...

The Three Faces of Information Security
David Lacey 25 Apr 2011

Last week's sessions at Infosecurity Europe reminded me of the difference between compliance and real security. They are quite distinct objectives.They are in fact two of the three faces of ...

Reflections on Infosecurity Europe 2011
David Lacey 24 Apr 2011

This week's Infosecurity Europe seemed quieter than usual. It was no surprise of course as it bordered on the Easter holiday. But it was a good event, made enjoyable and interesting by a ...

What keeps you awake at night?
David Lacey 14 Apr 2011

I had an email from Charles Pask yesterday, asking me for my opinion on "What keeps CISOs awake at night?" It's a good question. I thought for a bit and decided that "advanced persistent threat" ...

Is this as good as it gets?
David Lacey 30 Mar 2011

Every single day we hear new reports about large organizations being thoroughly penetrated by sophisticated attacks. Just when we thought it could not get any worse, it does. This is not just bad ...

RSA hack is a timely reminder of the need for richer authentication
David Lacey 20 Mar 2011

Last week's admission by RSA that they had been the victim of a sophisticated espionage hack that could reduce the effectiveness of its authentication SecurID product, reminds us of the danger of ...

A security standard for small and medium sized enterprises
David Lacey 11 Mar 2011

I'm delighted to announce the launch of the first information security standard for small and medium sized enterprises (SMEs, or SMBs as they're known in the USA). SMEs represent 99.9% of the ...

Countering APT attacks
David Lacey 10 Mar 2011

Leaked emails from the hacking of HBGary, a top US security investigator, provide further insight into the techniques and targets associated with advanced persistent threat (APT) attacks (a ...

Space Weather: The Next Y2K
David Lacey 03 Mar 2011

A few weeks ago the press carried stories of a future "Global Katrina" costing the world economy $2,000 billion, caused by intense solar storms that are due in a year or two. Hardly anyone batted ...

Cloud computing is not outsourcing
David Lacey 22 Feb 2011

An article in Computerworld UK reports that the latest advice from the Information Security Forum (ISF) is that information security professionals should treat cloud computing as they would any ...

SearchCIO

David Laceys IT Security Blog

Recent Posts

The slow, painful death of real information security

Countering Advanced Persistent Threats

Self-encrypting drives

Lessons from the attack on Lockheed Martin

Why you need an elevator pitch

Keep it Simple Stupid

The Three Faces of Information Security

Reflections on Infosecurity Europe 2011

What keeps you awake at night?

Is this as good as it gets?

RSA hack is a timely reminder of the need for richer authentication

A security standard for small and medium sized enterprises

Countering APT attacks

Space Weather: The Next Y2K

Cloud computing is not outsourcing

-ADS BY GOOGLE

SearchCIO

Surveillance technology under fire, amid growing societal concerns

Deep learning pioneer Fei-Fei Li on the fundamentals of ethical AI

Andrew Ng's AI playbook for the enterprise: 6 must-dos

SearchSecurity

Barracuda Advanced Bot Protection safeguards web applications

Microsoft bets on ElectionGuard SDK to fortify election security

10 ways to prevent computer security threats from insiders

SearchNetworking

Huawei ban will hasten its retreat from U.S. suppliers

Cisco vulnerability fix for thrangrycat carries risks

The status of white box networking in the enterprise

SearchDataCenter

How do I size a UPS unit?

How to enhance FTP server security

3 ways to approach cloud bursting

SearchDataManagement

The main picks for Hadoop distributions on the market

Inside view of Tibco integration architecture planning

Lumina launches Radiance, a data risk management platform