The Blog

Rapid Reaction: A Series on Incident Management and Response

By Jim, on 14 October, 2016

This is the first in a series of articles that aim to help organisations build and maintain their information security incident management and response capability.

With the exception of a few organisations, it seems that the effort put into establishing an information security incident management and response capability is limited to developing a documented process. Most do the bare minimum required to tick the “has an incident response process” box, with little to no regard about how effective the process is. That’s why very few organisations actually detect information security (or cyber security if you prefer) incidents in a timely manner, and fewer still are able to handle and resolve them in an efficient and effect way to minimise the impact.
Read More

Chris to present at COSAC 2016

By Jim, on 15 August, 2016

Chris will be presenting two sessions at COSAC 2016 held in Ireland between the 2 – 6 October 2016. The following provides a synopsis of his sessions, visit the COSAC website here for more information and the full conference schedule.
Read More

Who cares about unique identifiers?

By Michael, on 22 July, 2016

Almost everyone has been on the receiving end of a request to provide photo identification (most commonly a drivers’ licence or a passport) when applying for a bank account, or purchasing a new mobile phone, or some similar account-based transaction. The person making the request typically either writes down the details of the document or photocopies it. But there is one piece of information that should not be captured unless there is a legitimate reason to – the unique identifier.
Read More

SEI Incident Handling Training

By Jim, on 15 June, 2016

It is too late to start figuring out what to do when a cyber security incident occurs. If your organisation has not thought about how to identify a significant incident, who needs to be involved and what steps it needs to take to resolve the incident then it is likely to struggle to bring the incident to a timely resolution.
Read More

There is still only one way to eliminate risk

By Jim, on 6 May, 2016

This is not a new post, I originally wrote and published it nearly six years ago. However, based on a number of discussions I have been party to over the last few weeks, not much has changed since it was published so I thought I would repost it as a prologue for a new series of blog posts about risk, risk assessment and risk management.

CASBs – The Emperor’s New Clothes?

By Jim, on 2 March, 2016

It seems that Fear Uncertainty and Doubt (FUD) will always be used to sell products that no-one needs to solve problems that no one really has.

Get our news as it happens

Click here to subscribe to our newsletter