Stuart King's Security and Risk Management Blog
 

We can't write secure code

2008-05-16 07:00:00 by Stuart King in Stuart King's Security and Risk Management Blog
 
...security requirements are stated from outset and followed through into production and beyond. The evidence is that none of it works. OK, the folk at Microsoft, for example, will say that security is now embedded in their culture, and they've certainly generated a nice new stream of revenue for themselves out of all the books, tools and...
 
 
 
 
 

Earthquakes and Cyclones

2008-05-15 19:37:35 by Stuart King in Stuart King's Security and Risk Management Blog
 
50,000 killed in China, 120,000 killed in Burma. It puts a hard day at the office into perspective
 
 
 
 
 

Passwords, crocodiles, and air disasters

2008-05-15 08:45:00 by Stuart King in Stuart King's Security and Risk Management Blog
 
...information security, and that most businesses are rubbish at getting the right messages across. A copy of the employee handbook, a leaflet and a poster saying "Be Secure" with a picture of a padlock on it do not make for an effective and meaningful security awareness program. The point was that we need to emphasise messages in terms the...
 
 
 
 
 

Impact Factory

2008-05-14 11:00:00 by Stuart King in Stuart King's Security and Risk Management Blog
 
...information security program or project can be challenging so it's good to be armed with a good set of techniques for getting across the right messages regardless of audience or the amount of time available
 
 
 
 
 

Data Loss Epidemic

2008-05-13 08:30:00 by Stuart King in Stuart King's Security and Risk Management Blog
 
...security problems with technology alone and it's not simply an IT problem. It's culture, training, awareness, and technology. We need people to start asking how to protect data rather than waiting to be told
 
 
 
 
 

HSBC lose a server

2008-05-12 08:00:00 by Stuart King in Stuart King's Security and Risk Management Blog
 
...security. Security is our top priority. The Hongkong and Shanghai Banking Corporation Limited ('the Bank') will strive at all times to ensure that your personal data will be protected against unauthorised or accidental access, processing or erasure. We maintain this commitment to data security by implementing appropriate physical, electronic...
 
 
 
 
 

Insider Threats: the biggest Information Security risk

2008-05-10 15:00:00 by Stuart King in Stuart King's Security and Risk Management Blog
 
...information security we consider how to prevent intrusion into our business from the outside. The facts and statistics tell a different story. 62% of large businesses in the UK (source: DTI/PWC Insider Threat Report 2006) have dealt with a security incident instigated by a current or former employee. I've been writing up some of my research...
 
 
 
 
 

Laptop encryption

2008-05-09 05:00:00 by Stuart King in Stuart King's Security and Risk Management Blog
 
...information and may have put millions at risk of identity theft." Full story here. Chances are that this was nothing more than a random burglary committed by thieves who probably don't even have opposing thumbs capable of opening the lid. So, the chances of them being able to get any data out of it are slim. Most likely is that the drive...
 
 
 
 
 

Peter Gabriel Web Server Stolen

2008-05-07 13:00:00 by Stuart King in Stuart King's Security and Risk Management Blog
 
...security has been a previous topic of this blog (see entry from 10 Dec 2007). 1. Don't make assumptions about third party security controls. Check them for yourself. 2. Make sure your incident response plans include actions to take in the event of critical equipment being stolen. Some good guidance on physical security for small businesses...
 
 
 
 
 

Microsoft Senior PC - not just for the elderly

2008-05-06 19:00:00 by Stuart King in Stuart King's Security and Risk Management Blog
 
My mother-in-law is, to give her some credit, an intelligent lady. However, faced with an upgrade from Windows XP to Vista and IE7 from IE6 and you have a situation akin to explaining quadratic equations to a two year old. Both circumstances will result in heavy objects being thrown around in frustration. So, the idea of Microsoft to provide a...