Blog Manager

I'm the Information Security Manager at Janet and through this blog I'll be sharing some of my experiences, ideas and thoughts on information security topics.

Blog Article

One of the many organizational tools to come out of manufacturing is called 5S. Based on a list of five Japanese words, Seiri, Seiton, Seiso, Seiketsu, and Shitsuke (Sort, Set, Shine, Standardize and Sustain), it provides techniques that promote efficiency and quality, particularly in a workplace where multiple workers share responsibility for production.

Seiton and Seiso promote the organization and tidying of a workspace. Are these methods relevant to information security? Are organized, tidy and maintained systems more secure?

Blog Article

Analogies are regularly used in Information Security. Our work can be difficult to understand, and a good analogy can be a powerful tool to simplify complex issues. Despite this, I’m not their greatest fan. My apprehension is that analogy is not the only tool available to us. Clear and precise explanation in simple language can be overlooked in favour of analogy. Superficial or weak analogies can become clichés with no real thought for the underlying issues.

Blog Article

In the week since the TalkTalk breach there's been commentary on encryption of data, particularly with their CEO's comments that they were not legally required to encrypt data. Of course, encrypting the storage of data at rest is a common-sense control against a range of threats such as physical theft or loss of the storage device.

Blog Article

For many, if not most, organisations, information security risk management is a new and relatively immature activity that they are still discovering and learning more about. This can mean that the results of the activity can be imperfect. As we learn, we can improve the process to better fit the requirements of the organisation, but in the meantime we need the ability to deal with flawed results. Some might even go a step further and propose that most risk management methods are inherently flawed and don't go far enough to investigate and measure the root causes of risks.

Blog Article

I'm curious about the language used to talk about information security issues. Does our choice of words influence the way we think about security, or does the way we think about security affect our words? Which is the cause and which is the effect? I think that at times both can be true, and that does give me hope that this is something we can actively influence and control if we wish. Issues of risk can be complicated and difficult to communicate. Although we all innately (and largely successfully) deal with risk, we don't routinely express these ideas through words.

Article

I've been asked about this topic a number of times in the last few months so I thought I'd share my thoughts here. Some of the suggestions are generic and broad in their reach and could be used elsewhere in your organisation.

What I typically do is break down the skills and qualifications that I think our operations require into a number of categories. These might be.

Article

I'm taking a two-year internal secondment at Janet where I'll be working on our own information security management systems. I hope to be able to post more about this work within this group, not only to raise awareness of Janet's work in this area and what it means for our customers, but also to share our experiences, difficulties and successes.
