Threat modelling and risk ownership
Private Eye and Channel Four report on NHS's National Programme for IT
When an IT-based project runs into trouble, should you respond by arguing its aims are supported?
Sent to me by a GP
Consolidation or Proliferation? The Future of Security Products
The Importance of Security Surveys
Confidential IT contracts may have to be disclosed - Information Tribunal decision under FoI
Two factor authentication and PayPal
Responding to the Growing Complexity in IT and Security
Supplier to £12bn NHS IT scheme questions whether key aspects will work
Zero day attacks
The Future of Standalone Security Products
Microsoft joins the Deperimeterisation Bandwagon
Planning for The Future
DWP pension letter mix-up
Portable wireless hacking device
Health Committee inquiry into the NHS IT programme - details announced
Risk Assessment Process
NHS IT programme at risk even if technically sound?
Opinion on the IISP
The Art of User Awareness
IT projects - links to reports on mistakes, incompetence and lessons learned
Data handling security
e-Crime in The Capital
Lessons learned from failure of online passport application system EPA2
From Forensics to e-Discovery
Question on complex passwords
Passport Service director: Why we’re going public on things we didn’t always get right
What went wrong - MP3 files on our interview with Bernard Herdan, Identity and Passport Service
Comment - when failure has a partly positive outcome
OWASP - Open Web Application Security Project
Gaining the Attention of Management Boards
Smartcard sharing - comment by Martyn Thomas
More on the smartcard story - a solution
Smartcard sharing - a breach of IT security or a way around slow access to NHS Care Records?
South Warwickshire General Hospitals NHS Trust statement to Computer Weekly on smartcard sharing
Selling the NHS's National Programme for IT - a PR challenge
Moore's Law and Security
White Hats Do Good
Security and the Environment
Time to Publicise Security Incidents?
EDS’s settlement with the government over tax credits
Assessing data handling
Downside of vulnerabilty testing
What contribution to NHS IT do Local Service Providers make?
Tom Brooks - opinion piece - What contribution to NHS IT do Local Service Providers make?
Levels of detail
Risk perceptions and historical data
Is the NHS's National Programme for IT costing too much?
Employee Monitoring - a hot topic for 2007
More Testing Please
Compliance, change control, and firewalls
The Perils of Mis-addressed Communications
Better Authentication Needed to Counter Man-in-the-Middle Attacks
Web site password policy
Identity and Passport Service director: Why we?re going public on IT projects we didn?t get right
NHS's National Programme for IT - a consultant's one-sentence view
Going to America
Database Security - Patching is not enough
More incident response
Unit testing software
Influential health user who criticised NHS Programme for IT is to join BT, one of the suppliers
Lord Hunt - a good choice of minister in charge of the NHS's National Programme for IT?
Incident definition and response
Countering the Threat of Information Security Fatigue
Robin Guenier comments on British Computer Society's paper on way forward for NHS's IT programme
No matter how far you have gone down the wrong road, turn back
Risk assessment software deployment
It's the developers fault....is it?
Who Needs Firewalls?
Top campaigner for independent review of NHS's IT scheme receives New Year Honour
Another unstructured blog
A matter of life and death
ATM Security - and how not to improve it
Show me the evidence
Real Crime in the Virtual World
PCI makes for "Superior Security"
Rats in a sewer...
Around 1,000 staff leave CSC - a key supplier to the £12.4bn NHS scheme
Vista Content Protection – Can we have the facts please?
How important is this?
Security and Governance – One size doesn’t always fit all
Importance of security in the SDLC
Importance of documenting requirements
A Security Resolution for 2007 - Embed Security into your System Development Cycle
Security Forecasts for 2007
People, Process or Technology - Which hits the spot?
What motivates a web site attack
Security Achieves a New Level of Maturity
A pre-Christmas Saturday Soapbox
ID Cards and the Perils of Identity Management
Perceptions are the key to mitigating risk
It can happen anywhere