I had to deliver a presentation recently, so I thought I would pop together my thoughts here. It was about ensuring that any investment in penetration testing is wisely spent. If we want the business to use pen-testing, we need to know what it is they wish to test. For instance: What’s Vulnerable (our information assets)… Continue reading Pen Test ‘ology’ and Bang for Buck
Perhaps this isn’t how things work, though in my head information falls into one of three camps: Information Governance, Information Management and Information Assurance. My definitions are as follows. Information Governance: all about having controls in place to ensure that risks are managed. Where risks can’t be managed (for whatever reason), having the framework in place to… Continue reading The Information Trilogy
Operational security (for me) is a constantly evolving and always interesting arena to work in. The bad guys always have more time than you (and technically they are quite smart as well). Whilst having a coffee and a chat recently, we began talking about security standards in a given environment. I jumped on my… Continue reading 27001 reasons for different standards
Come the end of the usual working day, the last person out is responsible for securing the business to make sure no one comes in until tomorrow. So, at 1900 or 2000 hrs, do a quick “recce” of the building, turn the lights off, set the alarm and pop the cat out. Safe in the… Continue reading Lights off, alarm on, cat out!
This is nothing new. You need to protect your system, but what do you need to do, and how much do you need to spend, to protect it? First: what are you protecting? I am guessing an operating capability and also information. Ask the question. The whole of your IT goes down,… Continue reading What really is the risk?
In my many years working in Information Security, I have been really fortunate to have encountered the most varied and interesting roles. These blogs are intended to promote discussion around key topics that tend to fascinate me. The intention, though, is not to aim all of these at the security professional, but more at the business… Continue reading Brief Introductions