David Lacey's IT Security Blog
Recent Posts
- The slow, painful death of real information security
  02 Jul 2011
  I've blogged before about the perils of best practices and standards, and the crippling effect of compliance on security programmes. The consequences, however, are getting more serious as these ...

- Countering Advanced Persistent Threats
  11 Jun 2011
  This week's ISSA-UK Chapter meeting addressed the subject of the Advanced Persistent Threat (APT). It was illuminating to hear four very different perspectives from a government expert, an ...

- Self-encrypting drives
  07 Jun 2011
  I've long been an enthusiastic supporter of self-encrypting drives (SEDs), a technology that offers substantially better performance and security than software-based encryption solutions. SEDs can ...

- Lessons from the attack on Lockheed Martin
  03 Jun 2011
  Regardless of who got access to what (if anything) in the recent reported cyber attack against Lockheed Martin, this incident contains valuable lessons for everyone. Here are some key principles to ...

- Why you need an elevator pitch
  20 May 2011
  Ian Cook's excellent Dragon News Bytes drew my attention to an article in the Wall Street Journal on the importance of having a prepared elevator speech. It's an essential requirement for any CISO, ...

- Keep it Simple Stupid
  19 May 2011
  One of the most important principles to observe in information security management is the KISS principle. Users will only accept solutions that are fast, cheap and simple. Security is a "grudge ...

- The Three Faces of Information Security
  25 Apr 2011
  Last week's sessions at Infosecurity Europe reminded me of the difference between compliance and real security. They are quite distinct objectives. They are in fact two of the three faces of ...

- Reflections on Infosecurity Europe 2011
  24 Apr 2011
  This week's Infosecurity Europe seemed quieter than usual. It was no surprise of course as it bordered on the Easter holiday. But it was a good event, made enjoyable and interesting by a ...

- What keeps you awake at night?
  14 Apr 2011
  I had an email from Charles Pask yesterday, asking me for my opinion on "What keeps CISOs awake at night?" It's a good question. I thought for a bit and decided that "advanced persistent threat" ...

- Is this as good as it gets?
  30 Mar 2011
  Every single day we hear new reports about large organizations being thoroughly penetrated by sophisticated attacks. Just when we thought it could not get any worse, it does. This is not just bad ...

- RSA hack is a timely reminder of the need for richer authentication
  20 Mar 2011
  Last week's admission by RSA that they had been the victim of a sophisticated espionage hack that could reduce the effectiveness of its authentication SecurID product, reminds us of the danger of ...

- A security standard for small and medium sized enterprises
  11 Mar 2011
  I'm delighted to announce the launch of the first information security standard for small and medium sized enterprises (SMEs, or SMBs as they're known in the USA). SMEs represent 99.9% of the ...

- Countering APT attacks
  10 Mar 2011
  Leaked emails from the hacking of HBGary, a top US security investigator, provide further insight into the techniques and targets associated with advanced persistent threat (APT) attacks (a ...

- Space Weather: The Next Y2K
  03 Mar 2011
  A few weeks ago the press carried stories of a future "Global Katrina" costing the world economy $2,000 billion, caused by intense solar storms that are due in a year or two. Hardly anyone batted ...

- Cloud computing is not outsourcing
  22 Feb 2011
  An article in Computerworld UK reports that the latest advice from the Information Security Forum (ISF) is that information security professionals should treat cloud computing as they would any ...