Defence (or Defense) In Depth – a phrase we both love to repeat and repeatedly critique. Perhaps it’s a word problem, not a sense problem…
Update 3rd June – We WON! 🙂 Best New Security Blog 2015 It seems only yesterday I was astounded by the social security blogger award nomination and now look what’s happened! A […]
The interweb says it should be. Every day, in every way, it’s getting FUDdier: Cyberterrorists, Cyberespionage, Cybercriminals, Cyberbogeymen. Cybercars, Cyberheating, Cybercyber. By rights nothing should be working. All of our bank accounts […]
Just like Schrödinger and his quantum feline, most companies are just making assumptions about the state of their cybersecurity risks.
Did you think you were a driving god when you first passed your test? Are you 100% compliant with the latest security standards? Could there be parallel lessons to apply to mitigating InfoSec risks?
A double dose of what we hope is the security obvious. What do you think when someone calls a system 100% hack proof? And are all pen tests created equal?
This started life as a couple of peeves about security ‘expertise’, but it’s grown to include a few things I think do our trade no good. Am I moaning about the inevitable, or calling out […]
When it comes to cyber, information, IT (or whatever you choose to prefix it with) security, where do you draw a compliant and cost-effective line? Where, between gold-plated and the status quo, is good enough?