The Blog

Cyber Smart Week – Practical Security

Getting the basics right

Getting practical security information and guidance shouldn’t be so hard. Unfortunately, sometimes it can feel that way. Yes, there may be times when you will need to bring in specialists to assist your business to meet its security needs, but there are many aspects of security which you can choose to do, even on the leanest of budgets.

Read More

Axenic to work with the NZ Government to improve information security

Axenic has been selected for the new ICT Security and Related Services (ICTSRS) panel to provide governance, risk and assurance services to the New Zealand Government.

Axenic has worked closely with the NZ Government Chief Information Officer (GCIO) over several years to improve NZ Agency security maturity. This has included contributing to the development of the GCIO risk management framework, the GCIO assurance framework and the Office 365 and Azure Risk Assessments. Read More


From Chaos to Conformance: 4 Context of the organisation

Information security is all about context!

In my previous two articles in this series focused on developing an Information Security Management System (ISMS) based on ISO 27001:2013, I presented the common myths associated with the standard. In this article, I am going to provide an overview of the standard and section 4 Context of the organisation.

Read More

Chris and Michael to Present at COSAC 2017

Chris and Michael will be presenting at the 24th International Computer Security Symposium & 9th SABSA World Congress, which will be held in Ireland between the 1 – 5 October 2016.

The following provides a synopsis of their sessions, visit the COSAC website here for more information and the full conference schedule.

Read More


From Chaos to Conformance: More ISO 27001 myths

Dispelling more common myths

Okay, I know I promised to delve into and discuss the requirements defined in 4 Context of the organisation. However, I realised that they are other common myths that I should dispel for those of you that are interested in implementing an Information Security Management System (ISMS) that conforms with ISO/IEC 27001:2013 (ISO 27001).

Read More

BrickerBot kiss of death to IoT devices

Reports surfaced on the 12th of April of a botnet that attacks IoT running BusyBox and other Linux-based devices. The bot, which is believed to be active since the 20th of March 2017, exploits hard-coded passwords of devices with published SSH or telnet, as well as attempting to brute-force passwords of devices with non-default credentials. As the name suggest, BrickerBot bricks the devices and leaves them completely useless. This is done by executing a set of commands to delete storage, corrupt routing and others.

Read More