David Lacey's IT Security Blog

Recent Posts

  • Reflections on RSA 2011

    David Lacey 21 Feb 2011
  • Just back from this year's RSA Conference in California, the biggest security bash in the world, with around 20,000 visitors and a huge pipeline of would-be speakers and exhibitors. Whatever your ...

  • Paperwork or real solutions?

    David Lacey 11 Feb 2011
  • My apologies for the recent radio silence. I've been busy overseas providing education and support in up-and-coming regions. I do this because I believe it's vital to train up new consultants and ...

  • It's exploitation, not possession that counts

    David Lacey 27 Jan 2011
  • Last year we saw the beginning of a change in attitude to information security, with a growing realisation that highly sophisticated attacks (such as Stuxnet) can and do happen. The threat is now ...

  • Let's ditch best practices

    David Lacey 12 Jan 2011
  • Computerworld UK has just published an article from me combining three of my favourite thoughts. The first is that we should ditch old standards such as ISO 27001 and develop new practices. ...

  • Security Forecasts for 2011

    David Lacey 02 Jan 2011
  • What will 2011 hold for information security professionals? Last year I predicted a year of change. It did not happen. But we are incubating a major crisis: legacy systems are vulnerable; existing ...

  • Security Forecasts for 2010 - Right or Wrong?

    David Lacey 31 Dec 2010
  • As we near the end of 2010 it's interesting to look back and see how accurate my forecasts for the year proved to be. A year ago, I predicted that 2010 would be a year of change, and I expected to ...

  • A poem for Christmas (2)

    David Lacey 22 Dec 2010
  • This year, Imperva have also penned a Christmas poem with a security flavour... 'Twas the CISO Before Christmas 'Twas the night before Christmas, when all through the Net Every hacker was stirring, ...

  • Poems for Christmas (1)

    David Lacey 22 Dec 2010
  • Each Christmas, Alan Stockey pens a seasonal poem with a security flavour. This year's is taken from his practical book of cats... Integrity - The Missing Cat! Integrity's the missing cat, he's ...

  • Information Security 2020

    David Lacey 16 Dec 2010
  • Back in October, the ISSA-UK Advisory Board, together with some of the UK's top information security thought leaders, met to discuss the challenges of the next decade of information security. The ...

  • Power to the people

    David Lacey 09 Dec 2010
  • The continuing hacktivist attacks in support of Wikileaks are a classic example of how networks transfer power from traditional institutions to citizens. Power is no longer something you can obtain ...

  • Transparency is the best policy

    David Lacey 08 Dec 2010
  • In the wake of the Wikileaks scandal, the UK Prime Minister's national security adviser is reported to have written to departments, asking them to look again at their information security and ...

  • Perception can be more dangerous than reality

    David Lacey 02 Dec 2010
  • The claim by Julian Assange in Forbes that Wikileaks is targeting major corporates and has a major bank in its sights has already depressed the stock value of one top American bank, though nothing ...

  • The Laws of Information Security

    David Lacey 23 Nov 2010
  • Andrew Yeomans reminded me of Peter Cochrane's Real Laws of Information Security. Inspired by these, I decided to create my own. The purpose of an information security programme is to cover the ...

  • Dual purpose technologies

    David Lacey 22 Nov 2010
  • The interesting thing from a security perspective about new technologies is that they solve as many problems as they create. Cloud computing and virtualization are great examples of that, providing ...

  • It's the instrumentation, stupid

    David Lacey 19 Nov 2010
  • I prefer to avoid clichés, but this snowclone heading seems to best capture the missing dimension in the current debate on cyber defence. Judging by the latest tome from Chatham House, we can ...