Risk Management with Stuart King and Duncan Hart

Dealing with the operational challenges of information security and risk management.

September 2008

  • Chips and custard

    Stuart King - Reed Elsevier 29 Sep 2008
  • Two things that definitely do not go together are chips and custard. Unless you're pregnant. Or from Belgium where I suppose it's not too far removed from smothering your frites with mayo. An old ...

  • Breaking websites without touching the application

    Stuart King - Reed Elsevier 26 Sep 2008
  • Just as there is more than one way to skin a cat, there are many ways to break a web application. When I speak to developers and ask them if they are producing a secure system, the answer I'll get ...

  • Value of CISSP status

    Stuart King - Reed Elsevier 25 Sep 2008
  • It's been a while since I updated my CISSP certification with CPE credits. In fact, I've not even thought of it even though I've got plenty accumulated and was wondering why I continue to pay the ...

  • BBC Mailing List Compromised

    Stuart King - Reed Elsevier 24 Sep 2008
  • A point I frequently make is that it's not just the regulated and sensitive data sets that have value and require good control. Simple lists of email addresses and names also have value. No better ...

  • Unauthorised software on the network

    Stuart King - Reed Elsevier 24 Sep 2008
  • I spent a good part of a recent day discussing the reasons why I had instructed the removal of certain unauthorised software from a number of PCs on the company network. The arguments that came my ...

  • There's a hole in your network and you're not the first to know...

    Stuart King - Reed Elsevier 22 Sep 2008
  • In the words of the great poet, David Brent (from The Office), "If you can keep your head when all around you have lost theirs, then you probably haven't understood the seriousness of the ...

  • Hypothetical situation: security incident or not?

    Stuart King - Reed Elsevier 19 Sep 2008
  • A friend and I were imagining the following hypothetical situation: somebody performs a change to a network service which subsequently (let's presume it's business critical) is out of action for an ...

  • Information security is not recession proof

    Stuart King - Reed Elsevier 18 Sep 2008
  • I keep getting told how lucky I am to be doing a job perceived to be "recession proof." Personally I don't think this is the case. If the company were to go down then I doubt there would be much ...

  • Communication and the first law of security

    Stuart King - Reed Elsevier 16 Sep 2008
  • Security makes for a great scapegoat. "We can't get access to the website" then blame security. "My computer is running too slow", blame all the security tools on it. "I can't get access to the ...

  • Cern Website Hacked

    Stuart King - Reed Elsevier 15 Sep 2008
  • A website associated with the Large Hadron Collider (LHC) atom-smashing experiment at Cern has been hacked. A group of hackers called the GST, or Greek Security Team, has claimed responsibility for ...

  • Hotel networks put corporate users at risk

    Stuart King - Reed Elsevier 15 Sep 2008
  • New research published that should make you pause for thought as you connect your laptop up to the hotel network the next time you're away somewhere on business. ...we were forced to conclude that ...

  • PCI Compliance - dispelling some common myths

    Stuart King - Reed Elsevier 12 Sep 2008
  • I was supposed to be in Paris today, auditing various PCI related things. Unfortunately, the fire in the Channel Tunnel has put paid to those particular plans. Not that I'm too upset - I'm rather ...

  • Security Posture Metrics

    Stuart King - Reed Elsevier 10 Sep 2008
  • Those of you who struggle to define suitable metrics for reporting the state of your company information security program might be interested in a set of "free metrics for measuring an ...

  • Success through influence

    Stuart King - Reed Elsevier 09 Sep 2008
  • I was in an interesting discussion yesterday about the importance of having good skills to influence senior leaders within an organisation in order to be a successful information security ...

  • Security Entropy

    Stuart King - Reed Elsevier 08 Sep 2008
  • Security controls inevitably degrade over time as technology changes, criminals modernize their methods, and systems begin to suffer from natural entropy. Last week I attended a seminar where the ...