Pen testing: why do you need it, and five steps to doing it right

Penetration testing can contribute a lot to an organisation’s security by helping to identify potential weaknesses. But for it to be truly valuable, it needs to happen in the context of the business. I asked Brian Honan, CEO of BH Consulting, to explain the value of pen testing and when it’s needed. “A pen test […]
Is banning USB drives the key to better security behaviour?

Convenience often beats security where users are concerned. Take USB keys, for example. They’re a very handy way to transfer files between computers, but they’re also a huge security risk. IBM recently attempted taking the drastic step of banning all removable portable storage devices (e.g. USB, SD card, flash drive) completely. Should others follow suit? […]
Security newsround: July 2018

We round up reporting and research from across the web about the latest security news and developments. This month: stress test for infosec leaders, cybercrime by the numbers, financial fine for enabling cyber fraud, third party risk leads to Ticketmaster breach, Privacy Shield in jeopardy, and a win for Wi-Fi as security improves. Under pressure: […]
Security awareness: it’s all just child’s play

Security awareness is not so different from parenting. Our aim is to change behaviour for the better. As dad to three children, I’m used to communicating with the different personality types of each of my kids. In an office environment, it’s just bigger kids in a bigger playground. Whether it’s a team, a department, or […]
How branding gives your security awareness messages extra strength

Many security professionals probably give little thought to branding; they prefer to leave that fluffy stuff to the marketing team. But when it comes to security awareness, branding can add a touch of goodness to your efforts. (And if you want to know what this has to do with creamy pints of the black stuff, […]
Security newsround: June 2018

We round up reporting and research from across the web about the latest security news and developments. This month: help at hand for GDPR laggards, try and efail, biometrics blues, and calls for a router reboot as VPNFilter strikes. Good data protection resources (see what we did there?) Despite a very well flagged two-year countdown […]
The building blocks to a career in cybersecurity

Forging a career in cybersecurity is like building a house. Starting with a solid foundation makes it easier to build the layers on top. Now that I am a client-facing consultant performing ISO 27001 gap analysis and internal audits, it’s clear to me how my previous role in application support gave me a grounding in […]
Here’s how to boost web security after Google HTTPS move

Security professionals will doubtless welcome Google’s decision to mark all HTTP pages as ‘not secure’ from next September onwards. Marketing executives who haven’t kept up to date with this web security issue might not feel so accommodating. But the announcement is a good opportunity for both groups to start a conversation. Otherwise, here’s what will […]
The answer’s in the question: risk assurance that’s ready-made for a regulator

Regulators and auditors expect us to have all kinds of controls in place to manage information security. Standards like ISO 27001 or frameworks like the CIS Controls are helpful guides for applying these controls, but they don’t ask questions in the same way a regulator or auditor would. Many organisations don’t catalogue the software and […]
Charities guide to better cybersecurity in 10 steps

Charities in Ireland face an increase in cybersecurity threats. Cybercrime incidents are increasing, and no-one is immune. Criminals have the means and the opportunity to target organisations for extortion, financial gain, or to steal valuable data. As the rate of attacks rises, so too do the costs to recover. As well as financial losses, a […]