David Laceys IT Security Blog

Recent Posts

The slow, painful death of real information security
David Lacey 02 Jul 2011

I've blogged before about the perils of best practices and standards, and the crippling effect of compliance on security programmes. The consequences, however, are getting more serious as these ...

Countering Advanced Persistent Threats
David Lacey 11 Jun 2011

This week's ISSA-UK Chapter meeting addressed the subject of the Advanced Persistent Threat (APT). It was illuminating to hear four very different perspectives from a government expert, an ...

Self-encrypting drives
David Lacey 07 Jun 2011

I've long been an enthusiastic supporter of self-encrypting drives (SEDs), a technology that offers substantially better performance and security than software-based encryption solutions. SEDs can ...

Lessons from the attack on Lockheed Martin
David Lacey 03 Jun 2011

Regardless of who got access to what (if anything) in the recent reported cyber attack against Lockheed Martin, this incident contains valuable lessons for everyone. Here are some key principles to ...

Why you need an elevator pitch
David Lacey 20 May 2011

Ian Cook's excellent Dragon News Bytes drew my attention to an article in the Wall Street Journal on the importance of having a prepared elevator speech. It's an essential requirement for any CISO, ...

Keep it Simple Stupid
David Lacey 19 May 2011

One of the most important principles to observe in information security management is the KISS principle. Users will only accept solutions that are fast, cheap and simple. Security is a "grudge ...

The Three Faces of Information Security
David Lacey 25 Apr 2011

Last week's sessions at Infosecurity Europe reminded me of the difference between compliance and real security. They are quite distinct objectives.They are in fact two of the three faces of ...

Reflections on Infosecurity Europe 2011
David Lacey 24 Apr 2011

This week's Infosecurity Europe seemed quieter than usual. It was no surprise of course as it bordered on the Easter holiday. But it was a good event, made enjoyable and interesting by a ...

What keeps you awake at night?
David Lacey 14 Apr 2011

I had an email from Charles Pask yesterday, asking me for my opinion on "What keeps CISOs awake at night?" It's a good question. I thought for a bit and decided that "advanced persistent threat" ...

Is this as good as it gets?
David Lacey 30 Mar 2011

Every single day we hear new reports about large organizations being thoroughly penetrated by sophisticated attacks. Just when we thought it could not get any worse, it does. This is not just bad ...

RSA hack is a timely reminder of the need for richer authentication
David Lacey 20 Mar 2011

Last week's admission by RSA that they had been the victim of a sophisticated espionage hack that could reduce the effectiveness of its authentication SecurID product, reminds us of the danger of ...

A security standard for small and medium sized enterprises
David Lacey 11 Mar 2011

I'm delighted to announce the launch of the first information security standard for small and medium sized enterprises (SMEs, or SMBs as they're known in the USA). SMEs represent 99.9% of the ...

Countering APT attacks
David Lacey 10 Mar 2011

Leaked emails from the hacking of HBGary, a top US security investigator, provide further insight into the techniques and targets associated with advanced persistent threat (APT) attacks (a ...

Space Weather: The Next Y2K
David Lacey 03 Mar 2011

A few weeks ago the press carried stories of a future "Global Katrina" costing the world economy $2,000 billion, caused by intense solar storms that are due in a year or two. Hardly anyone batted ...

Cloud computing is not outsourcing
David Lacey 22 Feb 2011

An article in Computerworld UK reports that the latest advice from the Information Security Forum (ISF) is that information security professionals should treat cloud computing as they would any ...

SearchCIO

David Laceys IT Security Blog

Recent Posts

The slow, painful death of real information security

Countering Advanced Persistent Threats

Self-encrypting drives

Lessons from the attack on Lockheed Martin

Why you need an elevator pitch

Keep it Simple Stupid

The Three Faces of Information Security

Reflections on Infosecurity Europe 2011

What keeps you awake at night?

Is this as good as it gets?

RSA hack is a timely reminder of the need for richer authentication

A security standard for small and medium sized enterprises

Countering APT attacks

Space Weather: The Next Y2K

Cloud computing is not outsourcing

-ADS BY GOOGLE

SearchCIO

GE: Success of AI systems tied to engineering, not algorithms

Symantec CIO: Digital transformation plan shaped by cloud, AI

Symantec CIO strategy: Add 'extreme value' to the business

SearchSecurity

Incident response playbook in flux as services, tools arrive

Fine-tuning incident response automation for optimal results

How to integrate an incident response service provider

SearchNetworking

How to simplify your overly complex networking design

IT spending shows cloud-focused data center architectures

Hybrid cloud strategies should be reimagined as multi-cloud

SearchDataCenter

Rackspace colocation program hosts users' legacy servers

Broadcom acquisition of CA seeks broader portfolio

Ten Linux process management commands that simplify admin workflows

SearchDataManagement

Chief data officer role: Searching for consensus

How graph data modeling can help evaluate database tools

eHarmony hooks up with Redis NoSQL database for hot storage