Monday 22 November 2010

Another example of lack of policy and total lack of care...

This is the reason why you need to think twice about who you give your information to...

Stoke Council avoids fine over lost childcare data on USB stick farce • The Register

Friday 19 November 2010

Very good Paper on Data Security...

Although this is a US study, the quantitative representation of the importance of Data Security is well presented. I am sure the principles can apply in the UK.

http://viewer.media.bitpipe.com/1110870796_424/1289917408_819/WP_BC-Data_Security_1010.pdf

Antimatter

OK, so I know this isn't tech trends or information security, but it is interesting.

When I first watched Angels and Demons, I laughed at the idea of harnessing antimatter to create a bomb. But obviously that idea wasn't as far-fetched as I thought (still quite a few years away from the actual "bomb" idea though).


http://news.yahoo.com/s/ap/eu_switzerland_antimatter

High Risk and Likelihood of Risk

I often hear the phrase:

"When you do something often the risk of it becomes higher than it usually is" - is this correct? So according to this analogy, if I cross a road once it's risky, but if I cross the same road, say, 10 times, that risk is going to be higher? I think what people (myself included) often mix up is that High Risk is different from an increased likelihood of risk. I see the logic behind the quote - crossing the road multiple times will increase your likelihood of being hit by a car.

Now for example, say crossing a road is rated at Medium risk, and driving drunk is rated at Very High. Let's say the "risk" is being hit by a car (or anything else on the road).

So if I cross a road 10 times does that Medium turn into High, and if I am driving drunk more than once does that risk become Imminent?

Something I need to get my head around...
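To make the distinction above concrete, here is an added example (mine, not part of the original post) that separates the per-event probability from the cumulative likelihood over repeated exposures, and then rates risk as likelihood combined with impact. The band thresholds and the 4x4 rating matrix are assumptions constructed for the example, not a published standard; the per-event probabilities for the road crossing and drunk driving are made-up inputs.

```python
"""Per-event risk vs. cumulative likelihood over repeated exposures.

Assumed scales (constructed for this example, not a published standard):
likelihood and impact are each banded Low / Medium / High / Very High and
combined on a 4x4 matrix. The point shown: repeating an activity raises the
*likelihood* band (and hence the overall rating), not the impact of one event.
"""
import math

LEVELS = ["Low", "Medium", "High", "Very High"]

# Upper bound of the probability range covered by each likelihood band
# (assumed thresholds).
LIKELIHOOD_BOUNDS = [0.05, 0.20, 0.50, 1.0]


def cumulative_likelihood(p_single: float, exposures: int) -> float:
    """Probability that the event happens at least once in `exposures`
    independent trials, each with per-trial probability `p_single`."""
    if not 0.0 <= p_single <= 1.0 or exposures < 0:
        raise ValueError("p_single must be in [0, 1] and exposures >= 0")
    return 1.0 - (1.0 - p_single) ** exposures


def likelihood_band(prob: float) -> str:
    """Map a probability of at least one event onto the assumed bands."""
    for level, bound in zip(LEVELS, LIKELIHOOD_BOUNDS):
        if prob <= bound:
            return level
    return LEVELS[-1]


def risk_rating(likelihood: str, impact: str) -> str:
    """Combine banded likelihood and impact with a product score (assumed
    matrix: 1-2 Low, 3-4 Medium, 6-9 High, 12-16 Very High)."""
    score = (LEVELS.index(likelihood) + 1) * (LEVELS.index(impact) + 1)
    if score <= 2:
        return "Low"
    if score <= 4:
        return "Medium"
    if score <= 9:
        return "High"
    return "Very High"


def assess(p_single: float, impact: str, exposures: int) -> dict:
    """Full assessment for an activity repeated `exposures` times."""
    prob = cumulative_likelihood(p_single, exposures)
    band = likelihood_band(prob)
    return {
        "probability": prob,
        "likelihood": band,
        "impact": impact,
        "rating": risk_rating(band, impact),
    }


def exposures_to_reach(p_single: float, target: float) -> int:
    """Smallest number of exposures at which the cumulative likelihood
    reaches `target`: solve 1 - (1 - p)^n >= target for n."""
    if not 0.0 < p_single < 1.0 or not 0.0 < target < 1.0:
        raise ValueError("p_single and target must be strictly between 0 and 1")
    return math.ceil(math.log(1.0 - target) / math.log(1.0 - p_single))


if __name__ == "__main__":
    # Constructed inputs: 1% chance per crossing, 30% chance per drunk drive.
    for label, p, impact, n in [
        ("cross road once", 0.01, "High", 1),
        ("cross road 10x", 0.01, "High", 10),
        ("drive drunk once", 0.30, "Very High", 1),
        ("drive drunk 5x", 0.30, "Very High", 5),
    ]:
        r = assess(p, impact, n)
        print(f"{label:18} P(>=1 event)={r['probability']:.3f} "
              f"likelihood={r['likelihood']:9} impact={impact:9} rating={r['rating']}")
    print("crossings until a coin-flip chance of being hit:",
          exposures_to_reach(0.01, 0.5))
```

Running it shows the road crossing moving from Medium to High purely because the likelihood band rose, while drunk driving is already at the top band: the rating matrix has a ceiling, so repeating it does not produce a new "Imminent" category, but the probability keeps climbing towards 1.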

Wake up to virtualisation

So we have cloud computing and virtualisation - both a result of aggressive cost cutting exercises (although in the short term virtualisation can be costly to set up). Since organisations have been tightening the purse strings, these two "technologies" have become more apparent. Cloud services offer obvious advantages: cut costs, increase scalability and ultimately - pay only for the services you use. Obviously cost cutting is a big part of virtualisation (reduce the size of data centres and hence pay lower land and maintenance costs etc), but it does bring a new set of risks to organisations.

Running various projects on different servers is easy to control and track, but running multiple projects (or machines) within a single server (so the machines are now virtual machines) is going to be much harder to control. Firstly, running on separate physical servers means there is physical separation between machines, but with virtual machines there is no separation - well, that is an exaggeration, the controls do exist but they are weak.

So what do companies who are looking into virtualisation actually understand about the security around it? As with everything, the risks have to be assessed and strong controls need to be put in place (a starting point would be 2 factor authentication). Anyway, here is a good article on virtualisation security: Wake up to virtualisation security risks, experts say.


Thursday 18 November 2010

Accidentally-sent email could end up costing UBS $10 million - SC Magazine UK

Ever got that feeling when you hit Send on an email and realise it's gone to the wrong person...or it was the wrong file? Just imagine how this person must have felt: Accidentally-sent email could end up costing UBS $10 million - SC Magazine UK

This again screams out the importance of running security awareness programs in organisations. Yes, there will always be a risk associated with human error (a very very big risk) but I believe with a strong and relevant security awareness program organisations can try and limit these risks.

Once again this highlights the weakest link in the IS strategy - us, humans!

Compensating controls can help boost cloud compliance

In the very near future all companies (commercial and non) will be moving into cloud computing (many have already started to test the water). As they move into the cloud, they will be facing new challenges in terms of compliance with the relevant legislation and standards. What this means to me and you is: money will need to be spent on staff with the correct expertise, and senior level managers will need to be on the front line in determining the information security strategy for moving into the cloud.

Here is an article I came across that provides an insight into how Compensating controls can help boost cloud compliance.

Introduction

To those who are reading this - Welcome.

I have not got into blogging because it has never appealed to me, that is, until now. I have decided to get into it now so I can share my ideas/views and research into Technology Trends and the Information Security domain.

I currently work as an Information Security Consultant and in recent times I have come across many articles/theories on tech trends and IS. All these articles have triggered me into doing some of my own research and thinking; I will post these over the coming days (maybe weeks - depends on how much time I have available).

Anyway, this blog should only be used for information and general reading - any material on here should not be taken as gospel - they are only my views, opinions and theories.

Please feel free to comment - it will only help build knowledge.

Thanks
Nish