Last updated: 
2 months 2 days ago
Blog Manager

I'm the Information Security Manager at Janet and through this blog I'll be sharing some of my experiences, ideas and thoughts on information security topics.

Blog Article

Jisc often receives requests from customers asking to help assess the effectiveness of a security control (firewalls being the most common). Security controls can rarely be assessed in isolation since doing so requires an understanding of the risks that led to the control being selected. This causes obvious problems for measuring effectiveness if controls are implemented for “best practice” rather than identified needs.

Blog Article

In the week since the TalkTalk breach there's been commentary on encryption of data, particularly with their CEO's comments that they were not legally required to encrypt data. Of course encrypting the storage of data at rest is a common sense control against a range of threats such as physical theft or loss of the storage device.

Article

I've spent a few weeks investigating how we can use open source tools to provide basic vulnerability assessment functionality within a small ISO 27001 scope (less than thirty systems). The more sophisticated and expensive and commercial products are great, but before we investigated their use I wanted to see what we could get on a limited budget (mostly my time).

Prev | Next