Recent Blog Posts

As cybercrime becomes ever more widespread and the actors involved diversify, targeted organisations must become more sophisticated and timely in their ability to detect and respond.

I’ve had some interesting conversations recently with Professor Fred Piper regarding risk probability. The discussion started because I was concerned about assessments of risk probability, as one ...

I've been pressing for greater speed in security management for many years. "Replace the Deming Loop with the Boyd (OODA) loop" has been my mantra. Yet when I first encountered DEVOPS, I ...

Information security expert David Lacey discussed the latest ideas, best practices, and business issues associated with managing security.

Dealing with the operational challenges of information security and risk management.

A look at the latest trends in IT security from the experts at Bloor Security.

Heavy demands for research and consultancy have restricted my blog postings this year. It's a reflection of the unrelenting growth in anything connected with cyber security. My New Year's ...

I admit to being a long-standing critic of past UK government research initiatives. Having sponsored and managed several partly-funded research projects I've been disappointed with the decreasing ...

I missed the opening of this year's Infosecurity Europe as I was speaking in Zurich. I did however catch the end, though there was little to fire my attention. The theme was dated, the slogans on ...

It was interesting to see Tim Cook, CEO of Apple, voicing his opinions that government and companies should not have access to private consumer information. It's rich coming from a vendor with ...

I almost forgot to mention that last week's New Statesman carried a major feature on Cyber security in Britain, including articles from Francis Maude, Peter Sommer and myself. (Mine's the doom and ...

Last week GCHQ was censored over its sharing of internet surveillance data with the United States. There's no real surprise here. But what is interesting is to read it in the context of the New ...

I keep reading defeatist talk. The latest is from a chap called James Lewis, a cybersecurity expert at the Washington DC based Center for Strategic and International Studies, who has been claiming ...

The last two years have been an eye-opener for business, governments and citizens. They should now be aware of the vulnerability of information systems to penetration by spies, hackers and ...

Behind the escalating war of words between North Korea and the United States in the wake of the cyber attacks on Sony lies a dangerous, but inevitable trend: the beginnings of real cyber terrorism. ...

It's the time of year when we reflect on our progress (or failures) over the last year and anticipate the challenges of the coming year. Last year I made half a dozen predictions for 2014. How well ...

Last week Dr Hugh Thompson of Blue Coat and RSA fame was in London. I was fortunate to find a slot with him to meet up and exchange ideas. I like Hugh because he's not like the regular, dull ...

Whether you like the term or not the so-called Internet of Things is generating a huge amount of interest, and a growing amount of security research, including great opportunities for ...

I was pleased to read in the Sunday Telegraph that GCHQ values the security skills of dyslexic young people, employing over 100 dyslexic and dyspraxic neuro-diverse analysts. I fully support this ...

I'm finally back blogging after a delightful summer break. Surprisingly, not a lot has changed in the cyber security world. Big security breaches have been surprisingly thin on the ground. And most ...

This week Doc Hugh Thompson of RSA fame was in London. We had an interesting and entertaining debate on current and future trends. Hugh is a consummate, multi-tasking professional: lecturer in ...

My last posting was perhaps a bit too negative. I should correct that by setting out my own solutions to cyber security. Here are my ten answers. Invest more public money into imaginative new ...

I was fascinated to see that the latest issue of Forbes magazine has a feature on cyber security. It sets out what must be fixed according to ten top experts. Have they got it right? The answer ...

Last night a friend sent me an email drawing attention to the UK Government's new cyber security scheme. This one is called "Cyber Essentials". So what's new? And what does it offer? The answer is ...

Tuesday evening saw the London launch of IDATE's 2014 version of their DigiWorld Yearbook, an excellent guide to telecoms, Internet and media markets. It was a useful opportunity to catch up with ...

It's remarkable that in the face of the most sophisticated espionage threats, the most capable cyber-criminals, and the most severe compliance requirements ever experienced, the cyber security ...

It's interesting how many people are attracted to penetration testing, thinking it's more interesting and fun than conventional product testing, They're wrong. Scanning platforms for ...

As I expected we keep finding more and more security vulnerabilities in devices that shouldn't have them: essential control systems that govern the safety of critical infrastructure. The latest ...

Dropped through my door last week was the flyer advertising Infosecurity Europe 2014. The theme is "Security as a business enabler - are you fit for 2014?" It is an unfortunate choice of words, ...

Several weeks ago an Australian friend of mine sent me a delightful note pointing out how recent events and media reporting had confirmed some controversial points I had made last year in the ...