Securing the Human Comes to Ireland

I am delighted to say that BH Consulting will be the Irish partner for SANS Securing the Human. As a member of the advisory board for Securing the Human I’ve seen it develop into one of the best security awareness training programs currently available. Securing the Human provides organisations with a comprehensive and cost-effective solution to raising security awareness amongst their staff.

It seems our partnership is timely as a recent survey by DataSolutions and ComputerScope highlights that one third of Irish companies do not have a security awareness training program in place. When you consider that the majority of breaches involve some sort of interaction by employees this is a worryingly large number.

For more information on Securing the Human Ireland you can access our page here.

Christmas Wishes

We would like to take the opportunity to wish all our readers, clients, associates and partners the very best for the Christmas season, and hope that you all have a prosperous and secure New Year.

As is our tradition BH Consulting will not be sending Christmas cards, instead we donate money to a charity of our choosing.  This year we are supporting Temple Street’s Children’s Hospital Light Up a Child’s Life campaign.

To get you in the festive mood here is a white Christmas

 

Brian Honan One of the Judges for the Tech Trailblazers Awards

I am delighted to say that I have been selected to be one of the judges for a very exciting new and innovative IT awards program, the Tech Trailblazers, aimed at technology start-ups. It promises to be an exciting project which will hopefully identify and launch some great new technologies onto the market. I am joined by a number of fantastic judges whom I am really looking forward to working with.

The Tech Trailblazers has a prize fund of $1 million for startups and also includes access to mentors, venture capitalists and other expertise. So if you are working for a startup that is in any of the below categories you should enter:

  • Security Trailblazers
  • Cloud Trailblazers
  • Emerging Markets Trailblazers
  • Mobile Technology Trailblazers
  • Networking Trailblazers
  • Storage Trailblazers
  • Sustainable IT Trailblazers
  • Virtualization Trailblazers

I am thrilled to be involved in this great initiative and look forward to working with new trailblazing companies.

Entries for the awards open on July 18th. To get more information go to the Tech Trailblazers website, follow us on Twitter or keep up with the conversation using the hashtag #TTAwards.

Below is the official press release, which gives more details.

Tech Trailblazers Awards launches $1 million prize fund for pioneering enterprise tech startups

All entrants win something: Prizes for winners include CTO and VC/IPO boot camp and mentoring, plus products and services worth tens of thousands of dollars

 London, UK – June 19th 2012 – Today the Tech Trailblazers Awards (www.techtrailblazers.com) were officially launched to champion innovative tech startups from around the world.

The Tech Trailblazers Awards, open for entries July 18th, represent a new concept in enterprise IT awards. Designed explicitly for enterprise tech startups that are less than five years old and at C-level funding or below, the awards not only recognize startup innovation, but also proactively help startups grow their businesses with exclusive coaching, mentoring and development services worth tens of thousands of dollars.

Unlike some other awards, the Tech Trailblazers are not tied to a particular event or publication, instead it is completely independent and global. The awards are focused on the key enterprise IT sectors of cloud, infosecurity, mobile, networking, storage and virtualization. In addition, there is a sustainable IT category and an emerging markets category.

Stephen O’Donnell, chairman of the Tech Trailblazers judging panel, former CIO, author, and consultant and blogger at www.TheHotAisle.com, said, “TechTrailblazers offers a forum for game-changing new technologies and amazing young companies to showcase their products and services. We have assembled a world-class team of judges on the panel commensurate with the quality of entries we expect. The prizes and publicity for winning entries will ensure an exciting contest.”

All entrants to the Tech Trailblazers Awards will win a prize of commercial value, even if they do not place in the awards. The growing prize fund, worth an estimated $1 million+, is supported by industry vendors, analysts, venture capitalists, government bodies, the media, event partners and other industry-specific services.

The extensive judging panel includes the IT industry’s leading figures from around the world, giving little-known startups the opportunity to present their products and services to eminent influencers.

Sponsors to date include MIT/Stanford Venture Lab, the Cloud Security Alliance, Prezi, RealWire, MyNewsDesk, and ExecEvent. To inquire about sponsorship, please email innovate@techtrailblazers.com.

To be notified as soon as the Tech Trailblazers Awards opens for entries, or to subscribe to the mailing list to receive information on early bird submission savings and the “Meet the Judges” webinar series, please email innovate@techtrailblazers.com. 

At present the judging panel includes:

  • Mohit Agrawal, Founder and Editor, Telecom Circle (Twitter: @telecomcircle)
  • Cynthia Artin, President, Artin Arts (@cynthiaartin)
  • Joe Baguley, Chief Cloud Technologist, VMware (@joebaguley)
  • Frank J. Bernhard, Strategy and Operations Director, Deloitte Consulting (@FrankJBernhard)
  • Steve Broadhead, Founder and Director, Broadband-Testing Labs (@steve_broadhead)
  • Rebel Brown, Author and Startup Veteran (@RebelBrown)
  • Mike Burkitt, CTO, Launchpad Europe (@launchpadeurope)
  • Teresa Cottam, Founder and Chief Analyst, Telesperience (@teresacottam)
  • Chris Evans, Consultant and Blogger, TheStorageArchitect.com (@chrismevans)
  • Marty Foltyn, Hands-On Lab Program, SNIA (@MartyFoltyn)
  • Ian French, Channel Guru, Mentor and Entrepreneur (@siceo)
  • Edward P. Gibson, Director, Forensic Technology Solutions, PricewaterhouseCoopers (@EdwardPGibson)
  • Martin Glassborow, Blogger, Storagebod (@storagebod)
  • Brian Honan, CEO, BH Consulting (@brianhonan)
  • Elise Huang, Partner, WestSummit Capital
  • Sam Johnston, Director, Cloud & IT Services, Equinix (@samj)
  • Ben Kepes, Principal, Diversity Limited (@benkepes)
  • Justin Lodge, Infrastructure Architect, National Australia Bank (@justin_lodge)
  • Chris Mellor, Storage Editor, The Register (@chris_mellor)
  • Steve O’Donnell, Consultant, Advisor and Author, TheHotAisle.com (@stephenodonnell)
  • W. Curtis Preston, CEO, TruthInIT (@wcpreston)
  • Simon Robinson, Research Vice President, 451 Research (@simonrob451)
  • Kai Roer, Senior Partner, The Roer Group (@kairoer)
  • Raj Samani, EMEA Strategy Advisor, Cloud Security Alliance (@raj_samani)
  • Andrew Seldon, Editor, Hi-Tech Security Solutions, TechNews (@andrewseldon)
  • Sarb Sembhi, Director, Consultancy Services, Incoming Thought (@sarbsembhi)
  • Enrico Signoretti, Senior Consultant, Juku Consulting SRL (@esignoretti)
  • Harkeeret Singh, Global Head of Energy & Sustainable IT, Thomson Reuters (@harqs)
  • Jennifer Steffens, CEO, IOActive (@securesun)
  • Jon Toigo, CEO, Toigo Partners International (@jontoigo)
  • Matthew Yeager, Chief Technologist, Colt Technology Services (@mpyeager)
  • Monica Zlotogorski, Editor, Inside Latin America, TM Forum (@MonicaCZN)

About the Tech Trailblazers Awards

Tech Trailblazers is a new concept in awards, designed explicitly for smaller businesses and startups that are less than five years old and at C-level funding or below. The awards have low barriers to entry and prizes that not only recognize startup innovation, but also proactively help startups grow their businesses with exclusive coaching, mentoring and development from VCs and leading CTOs as well as an estimated prize fund worth in excess of $1m. The awards seek to recognize true innovators in the following enterprise technology and other areas:

  • Cloud Trailblazers
  • Emerging Markets Trailblazers
  • Mobile Technology Trailblazers
  • Networking Trailblazers
  • Security Trailblazers
  • Storage Trailblazers
  • Sustainable IT Trailblazers
  • Virtualization Trailblazers

Entries open on July 18th – register your interest by emailing us, following us on Twitter @Techtrailblaze or follow the conversation via the hashtag #TTAwards.

 

Securitywatch Blog Featured in the Sunday Times

BH Consulting’s blog was featured in the Sunday Times at the weekend in the “Become the new kid on the blog” article, which focused on the business benefits social media can bring.

As you know, BH Consulting has been running this blog for quite a number of years and is also active on Twitter. I tweet quite regularly as @brianhonan and BH Consulting is on Twitter as @bhconsulting.

People often ask me, as did Sandra O’Connell from the Sunday Times, what benefits has social media brought to the business? As a small business BH Consulting does not have the marketing budgets that many larger organisations would have.  Social media provides small companies such as ourselves with a relatively cost effective way to promote our expertise and areas of knowledge.  In the main I use this blog, Twitter and LinkedIn as the primary social media platforms to engage with other clients, partners, vendors and the wider community.

As a result of the above I have gained the following benefits.

  • Using social media I have also been able to make contact with others within the industry whom I may never have had a chance to meet in “real life”. This has allowed me to establish a business relationship with those people which has led directly to work. More importantly it has allowed me to develop my own knowledge by engaging with others via my blog and Twitter.
  • Through my blogging I was approached by a publisher to write a book on information security, “ISO 27001 in a Windows Environment.”
  • I was also invited to contribute to the book “The Cloud Security Rules”.
  • I have contributed articles to professional publications such as “Knowledge Ireland”, “SC Magazine UK”, “[IN]Secure Magazine”. I also have a regular blog with “InfoSecurity Magazine” and will be writing a monthly column for “Help Net Security” magazine.
  • Establishing relationships via social media with recognised experts in the field also makes it easier to meet these people at real world events. You already have a relationship with that person, albeit an online one, which you can use to “break the ice” with them.
  • Finally, blogging keeps my website updated on a regular basis which helps to increase the page ranking of the site for Google, and other, search engines.

The great thing with social media is that a lot of the tools and platforms are free and require little or no financial investment. However, it does require investment in your time and that can be a valuable asset.

So has social media been of benefit to BH Consulting? The answer to that is a resounding yes. Is it suitable for all companies to get involved in? Again the answer is yes but make sure you are prepared to commit the time and effort required to generate content that will engage with your audience.

Nominated for SC Magazine Awards

It was with great delight that I found out today that I was nominated for SC Magazine’s award for “Information Security Person of the Year”. To add to my delight BH Consulting has also been nominated for the “Information Security Consultancy of the Year” award.

It is a great honour to have been nominated and shortlisted for these awards, especially when you look at the other nominees in each of those categories.

Information Security Person of the Year

  • Neira Jones – Barclaycard
  • Brian Honan – BH Consulting
  • Tim D.W. Wilson – NHS East London and City
  • Stephen Bonner – KPMG

Information Security Consultancy of the Year

  • KPMG
  • Brookcourt
  • Verizon
  • BH Consulting

Finally, to top it all the IRISSCERT team were nominated as a finalist for the “Information Security Team of the Year” award.

Information Security Team of the Year

  • Barclaycard
  • National Grid
  • IRISSCERT
  • Virgin Media

It’s an honour to be included amongst the other respected and renowned nominees. Whatever the outcome this is a great achievement for all involved. I wish all the nominees the best of luck on the night of the awards and look forward to the event.

Better get the tuxedo dry cleaned!!

Outlook is Cloudy

Cloud computing has become an exciting evolution in how we deliver, access and use services over the Internet. The Cloud offers organisations many benefits and opportunities. However, these opportunities and benefits do not come without a number of security risks that need to be considered.

Ireland is uniquely positioned to handle these issues. In an article with the CSO Online Magazine titled “Ireland hopes security measures attract big cloud providers” I outline a number of these benefits. In my opinion these benefits include the high quality of information security professionals that are based here, our experience in managing and running large datacentres and the cloud security research that is going on in various universities.

I have also taken on some active roles to ensure that we as an industry can address the security challenges the cloud presents. To this end I am happy to say I have been appointed the Chief Operations Officer for the Common Assurance Maturity Model (CAMM). The objectives of CAMM are to:

  • Provide a framework in support of necessary transparency attesting the Information Assurance Maturity of Third Party Providers & Suppliers (e.g. Cloud providers).
  • Publication of results in an open and transparent manner, without the mandatory need for third party audit functions, or due diligence engagements.
  • Allow for data processors to demonstratively publicise their attention to Information Assurance in comparison to other suppliers’ levels of compliance, and security profiles.
  • Negating the operational requirement for time consuming, expensive, subjective, and resource intensive bespoke arrangements to attest security and compliance.

I have also taken a position on the board of the UK and Irish Chapter of the Cloud Security Alliance. The Cloud Security Alliance (CSA) is a “not-for-profit organisation with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing.” We have some exciting events planned, including a chapter meeting in Dublin to be held later this year, so watch this space. If you are interested in cloud security you should join the UK and Irish Chapter of the Cloud Security Alliance as it will provide you with the resources to develop and hone the skills required for this evolving environment.

If you are wondering what security challenges we face with moving to the cloud, I recommend that you read the Cloud Security Guidance White Paper from the Cloud Security Alliance and also ENISA’s excellent white paper on Cloud Computing.

You can also review my presentation on Cloud Security below.

BH Consulting Achieves ISO 27001 Certification

Following an independent audit of our Information Security Management System by Certification Europe, BH Consulting has been awarded accreditation to the ISO 27001:2005 Information Security Standard. This independent certification recognises that BH Consulting has in place an Information Security Management System that meets the requirements of this highly regarded standard.

Achieving this accreditation means that our customers can be confident their information is being dealt with by a company who takes the matter of information security seriously.  As a consulting company it also shows that we practise what we preach.  BH Consulting has achieved this certification for all of its consulting services.

We also believe that BH Consulting is the smallest company in the world to achieve this certification, so size does not matter after all!

The "Beta Culture" and Security

Today’s Irish Independent has an article on “Are buggy smart phones now the reality in our new ‘beta culture’?” Marie Boran interviewed me for the piece, asking for my thoughts on the security implications resulting from our acceptance in using beta products.

From a security point of view I have to admit that I do have concerns over the growing “beta culture”. The problem is compounded by what is now acceptable to release to consumers. In many cases tagging the phrase “beta” to your product seems to be like a get out of jail free card. But in spite of that tag a lot of these products are snapped up by the public without any consideration as to the potential risks. Would you buy a microwave, car or gas boiler if you were told it is not fully tested? Yet for electronic gadgets, computer systems and application software the general public seems to be comfortable entrusting their “digital life” to untried and untested solutions.

Look at Google’s range of applications. Gmail is still beta, as is Google Docs. Yet millions of people and businesses are entrusting sensitive and personal data to these applications. Another good example is the Google Chrome browser. This is still a beta product yet when released it created a buzz and many people downloaded it onto their systems. Within days a number of security bugs were found within Chrome and Google had to rush out patches.

The challenge many of the vendor companies face is that they have commercial deadlines to meet in order to satisfy shareholders and customers.  To compete, products are becoming more and more sophisticated and complex.  It used to be all you used your mobile phone for was making and receiving phone calls.  Now your phone is a mini-computer that can take pictures, videos, record and play music and browse the Internet.  But complex systems are very difficult to secure properly.  The problem is that criminals and hackers actively look to exploit bugs in these systems.  Badly designed and/or complex systems that are not properly tested will result in those criminals being successful.

Consumers also seem not to be aware of the risks. They want the latest and greatest gadgets or applications to show off to their friends or workmates, yet do not worry if the products they are using could result in their data being lost, corrupted or accessed by others.

The above is compounded by the fact that companies often have in their license agreements clauses that protect them from legal action from the customer should their device or application fail in such a way to cause them damages.  So if your sensitive financial details are stolen from your shiny new phone by criminals due to a bug in the phone’s software then you have little or no recourse with the manufacturer. 

Consumers need to be more cognisant of the risks they take with new systems and not rush out to buy the latest gadgets until they have been properly proven.  But with the appetite for newer and shinier toys ever increasing this may not happen.

Me, I still stick by my trusty Nokia 6310i mobile phone.

Implementing ISO 27001 In A Windows Environment

One of the biggest projects I worked on last year was writing my first book. The book is called “Implementing ISO 27001 in a Windows Environment”. I wrote this book in response to the many questions clients have asked me on how best to put in place the various controls and goals outlined in the ISO 27001 Information Security Standard (formerly BS 7799).

Very often these people were IT Managers who were mandated by their senior management to implement the standard in order to provide the business that they were using recognised best practices to secure their information assets.

However these managers suddenly faced a number of major challenges:

  • They had to first become familiar with the ISO 27001 Information Security Standard and understand how it works.
  • Identify what controls were applicable to their organisation based on their risk assessment and resultant required controls.
  • How to ensure that the controls that required technical configurations were being properly implemented.
  • Last but not least how to do all the above in the most effective and cost efficient manner possible.

As someone who has a lot of experience with implementing the standard, and also a strong technical background, I decided to write this book to help address those issues. I also decided to focus on how to leverage some of the existing Microsoft technology, such as Microsoft Windows Server 2008, Microsoft Windows Vista and various other Microsoft security tools, that most organisations have employed.

So last summer my journey as an author began. It has been a long and at times challenging journey but I am happy to say that it is coming to an end.

My book “Implementing ISO 27001 In a Windows Environment” will be published on February the 3rd 2009 and is now available for pre-order at the IT Governance website.   If you are considering rolling out ISO 27001 in your organisation, I would recommend that you purchase the book as it may save you a lot of time, money and frustration.