How to respond to a data breach

Not a week (day?) goes past without some high profile company admitting that a few million of their customers have had their data stolen. So how should companies respond when they suffer a data breach? Well to be honest, the data is already gone so why waste time looking for clues when the first [...]

No Comments

guide to: writing the perfect Press release

Do you have an IT security product to sell; or just a normal piece of IT kit that you want to sell by jumping on the Infosec bandwagon? Then you need to master the art of a press release to ensure your product gets the right coverage at the right time. Nail this one and [...]

No Comments

Valuing your information

Would you install a £10,000 anti-theft, alarm and tracker system to protect your car? Chances are that unless you own a super-car worth more than the average house, you’d think it a foolish investment, no matter how secure it makes your vehicle.
We are very good when it comes to knowing how much our valuables are [...]

No Comments

Choosing an infosec consultancy

There are hundreds if not thousands of “Indian Restaurants” dotted around London. However, we all know that most of these places are not owned or run by Indians at all. You have a large number of Bangladeshis or Pakistanis owning and managing these establishments. But for convenience there’s an unspoken rule that the owners [...]

No Comments

IronKey S200

A few hours ago I was pondering what to write about. But that problem was solved when a friend asked if I’d written about the fantastically new and secure USB stick by Iron Key. The truth is that I’d forgotten about it so could only muster up a few Hugh Grant-esque “gosh” and “jollys”. [...]

4 Comments

1 giant step to improve security

These days it’s pretty bad for a company when they lose their sensitive data and it’s even worse if they lose their customers’ data. Not a day goes past where some numpty doesn’t leave their laptop in the back of a taxi. Many solutions have been suggested, tried and implemented, often at great cost.
I’ve [...]

3 Comments

Is it easier to kill than lose data?

According to the beeb an 84-year-old man killed his wife whilst reversing his car in the driveway. There aren’t many details on the story, but apparently it wasn’t intentional and no, the man hadn’t been plucking up the courage all these years. It was simply a tragic accident…
Contrast this to the corporate world, where [...]

2 Comments

Perception is Reality – not always

I recently decided to go out and upgrade my vehicle from a little panda to a monster XC90. I like to do my bit for the environment you see – and I don’t know about most of you, but I would be quite happy to not have to pay high energy bills to heat my [...]

No Comments

Road signs

Whilst driving in London, one can’t help but notice that nearly every lamp post, every telegraph pole, every branch in every tree is plastered with instructions about what the motorist can or cannot do at that particular moment.
You’re on a red route so you have a sign, then another, and then another explaining exactly [...]

4 Comments

Fermat’s last theorem and the cynic’s first

I have always been impressed by the dedication of mathematicians to tirelessly push the boundaries of understanding and reasoning in both the abstract and real world. One famous problem that was recently solved (recently in the context of the history of mathematics) was Fermat’s Last Theorem (1637).
The Theorem states that no three positive [...]

No Comments

Referees, umpires and infosec

I’m not really a big sports fan, yet whenever there is a world cup or championship of any sort, I’ll sometimes buy into the hype and watch some, if only so that I don’t come across as completely ignorant during those water-cooler conversations in the office.
Recently the 20-20 cricket world cup took place. Its [...]

1 Comment

Sun Tzu: The art of war for infosec

Sun Tzu was a military General. But his principles are timeless and can be applied to many different kinds of battlefields.
Here we examine Sun Tzu’s ten principles in light of being successful in Infosec.
Learn to fight
Don’t step into the infosec arena without knowing how to defend yourself and attack the opponents. Importantly, know when to [...]

3 Comments

5 hacking forefathers

As a security consultant, as much as I owe my livelihood to Microsoft for creating such insecure products, I owe just as much to hackers and criminals out there who keep on doing bad stuff that keeps me employed.
However, modern day hackers like Gary McKinnon owe a lot to the original forefathers of hacking who [...]

1 Comment

Underground Security Assessment

For readers based outside of London, you’re probably oblivious to the fact that yesterday and today London’s tube (trains that run underground) union decided they weren’t getting paid enough or that they wanted a bigger pension pot or something and threw their toys out of the pram and decided to go on strike.
Charming…
The streets of [...]

7 Comments

A chat with the boss

So today was one of those rare days I came up with a good business plan. I was so excited about it I phoned up my boss to run the idea past him. Transcript of the call is below:
Boss – Hello
Cynic – Whassup chief.
Boss – Oh, it’s you. What can I do for you?
Cynic [...]

No Comments

Is PCI DSS Useless?

There seems to be much debate ongoing these days regarding the effectiveness of PCI DSS. There have been several high profile cases such as Heartland and RBS WorldPay where these companies had PCI DSS certification, yet still suffered card data breaches.
Some commentators are of the opinion that the standard is flawed, useless, merely a [...]

4 Comments

Infosec Dream Team

Lately there’s been a lot of hype surrounding President 2.0, Obama’s intentions to protect America’s digital infrastructure. Mr Obama stated, “It is now clear,” he said, “this cyber threat is one of the most serious economic and national security challenges we face as a nation.”
It’s quite refreshing that a modern leader of the day has [...]

No Comments

Managing Risks Simplified

You can't handle the risk

As HMRC remind us, tax doesn’t have to be taxing. Well neither does risk management. In fact, assessing risks is something we learn from a young age. But when we don our suits and enter the corporate world, all sense of how we should manage risk seems to go out of the window.
A typical risk [...]

5 Comments

The need to complicate infosec

Errr which way now dear?

Over the years, information security has moved from being a dark art practised by a few beardies to becoming something most people understand and appreciate. Also, as time has progressed, infosec professionals have become more adept at explaining infosec to the layman in terms they all understand. Additionally, security awareness programmes in most companies, coupled [...]

6 Comments

Unlikely Alliances

I'd like to thank this man for helping me and my friends make a lotta money

I’ve been asked many times, mostly by myself, as to the best way to convince business people to open their purse strings and spend some money on security.
It seems as if business people, developers, IT managers, procurement, HR, finance; basically anyone and everyone is only prepared to spend the bare minimum on security features to [...]

5 Comments