Categories
For Infosec professionals

5 tips to make the most of your infosec risk assessment

Let’s face it. Information security risk assessments are boring. The only reason most organisations endure a risk assessment is (a) to comply with a regulatory requirement or (b) to get certified against a standard that requires one. But it does not have to be this way. Risk assessments can be very […]

Categories
For Infosec professionals

What to learn from the Verizon Protected Health Information data breach report 2018

Verizon has released its latest data breach report, this one specifically on protected health information (PHI) breaches. This post will be useful to healthcare services organisations that handle PHI: they can learn from the mistakes of others.

Categories
For Infosec professionals

The Symantec Threat Report 2018 – and 4 takeaways for the Infosec Professional

The Symantec Threat Report for 2018 is out and can be downloaded from Symantec’s site. If you do not have the time to read the entire 89-page report, here is a brief summary and 4 key takeaways for you, as an infosec professional, to apply to your organisation. Before you read the report, […]

Categories
For Infosec professionals, Infosec for everyone

The ethics of bitcoins and other cryptocurrencies

Is a bitcoin investor unknowingly supporting the illegal drug trade and child pornography? Do the drawbacks of cryptocurrency outweigh its advantages to society at large? This is a topic no one talks about: the ethics of cryptocurrency. To even begin to think about the ethics of cryptocurrency, we will need to know a little […]

Categories
Cybersecurity Humour, For Infosec professionals

5 ways to kill your cybersecurity messenger

If you ever want to kill your cybersecurity messenger and watch him/her die a slow and painful death inside, this is how you can go about it. This is especially applicable if you are a board member who has to sit through cybersecurity board meetings.

Categories
For Infosec professionals, Infosec for everyone

2017 – The year in Infosec

Should I continue to call it Infosec? Or should I change with the times and call it ‘Cybersecurity’? Whatever the name, 2017 was an interesting year for information security, or cybersecurity, or whatever you choose to call it. Here are a few things of note that happened: This is […]

Categories
For Infosec professionals, Infosec for everyone

2016 – The year in infosec

A look at what happened in infosec in 2016: an analysis of the key areas where there was action, and a wish list for 2017.

Categories
For Infosec professionals

8 steps to write a cloud security policy

Everything is moving to the cloud – a cliché we have heard so often that we have started to believe it. To some extent, it is true. The infosec professional has been caught flat-footed on cloud security. Just when she got round to analysing the risks of virtualisation, the monster of […]

Categories
For Infosec professionals, Infosec for everyone

The quest for good passwords

Passwords are easily the most talked-about infosec control. They are perhaps the simplest concept to explain and surprisingly hard to implement well. Allow a user to choose any password, without restriction, and she will use her username as the password. Add complexity requirements and she will write it down. Infosec professionals take every possible measure to […]

Categories
For Infosec professionals

Don’t neglect Information Classification

Classifying information is a basic requirement of any information security framework. This, of course, is sound logic: if you don’t know the value of a piece of information, you will not be able to handle it appropriately. The problem is not the requirement itself but the way it is implemented…