Busting myths and misconceptions around GDPR and security

For better or worse, GDPR and security are often wedded together, when the relationship in fact is slightly more complicated. Sarah Clarke, a specialist in privacy, security, governance risk and compliance with BH Consulting, has picked apart some myths and misconceptions around the subject. She kindly gave us permission to use material she published in […]

UK issues data protection guidance for a no-deal Brexit scenario

In preparation for a possible no-deal Brexit, the UK Government has published guidance about how this will affect data protection. The EU uses a mechanism called an adequacy decision to allow the free flow of personal data to countries outside the EU. BH Consulting CEO Brian Honan has identified the key section of the UK […]

Security newsround: September 2018

We round up interesting research and reporting about security developments from around the web. This month: the devastation from NotPetya, a sound idea for authentication, help with NIST and cutting-edge security analysis.

The shipping news

If the truly wise learn from the experiences of others, then there are lessons galore from Maersk’s ransomware infection. You […]

CEO fraud: call it what you want, but I call it messing with the quids

A ruse by any other name, invoice redirection scams are a huge and growing business problem. They’re also known as fake boss scams, impersonation fraud, CEO fraud, or business email compromise, and they’ve risen by 58 per cent in the past year. That’s according to Lloyds Bank which estimates that UK SMEs lose £27,000 on […]

Red player one: learning the right security lessons from a red team exercise

A red team exercise can be a valuable way of testing how effective your security controls are. Having your internal security team, or an external consultant, simulate an attacker trying to breach your defences can reveal plenty. Their success or otherwise can show where you need to improve from a security perspective, or what you’re […]

AWS Cloud: Proactive Security and Forensic Readiness – part 4

Part 4: Detective Controls in AWS

Security controls can be either technical or administrative. A layered security approach to protecting an organisation’s information assets and infrastructure should include preventative controls, detective controls and corrective controls. Preventative controls exist to prevent the threat from coming in contact with the weakness. Detective controls exist to identify that […]

Buckle up: what the auto industry can teach us about IoT security

Help Net Security has published an op-ed from Brian Honan entitled ‘IoT security: lessons we can learn from the evolution of road safety’. The piece compares the lack of safety features in cars 50 years ago with today’s Internet of Things. Inspired by a conversation with his father about growing up in rural Ireland, when […]

Security newsround: August 2018

We round up research and reporting from across the web about security developments. This month in our security newsround: authentication acceptance, failing the text test, defining resilience for infosec, avoiding distraction, privacy made simpler and much more.

More forceful arguments for multi-factor authentication

The UK National Cyber Security Centre has published new guidance on multi-factor […]

Here’s the missing ingredient in a solid security and business continuity plan

Security incidents can cast an unforgiving light on many organisations’ readiness. They highlight the need for security programmes that go further than just fixing things when they break. Response has been security’s classic default reaction to an incident. Something is broken, so we need to fix it. But this misses a critical ingredient: resilience. If […]