30 October 2015 at 12:00pm
In the week since the TalkTalk breach there's been commentary on encryption of data, particularly following their CEO's comments that they were not legally required to encrypt data. Of course, encrypting data at rest is a common-sense control against a range of threats such as physical theft or loss of the storage device.
19 December 2014 at 2:11pm
There's been a huge amount of press coverage of the attack and subsequent data breach at Sony, and the few facts that are public knowledge have been swamped by hearsay and conjecture. What can we learn so far? Here are a few thoughts to end the year on.
4 December 2014 at 2:15pm
For many, if not most, organisations, information security risk management is a new and relatively immature activity that they are still discovering and learning more about. This can mean that the results of the activity are imperfect. As we learn, we can improve the process to better fit the requirements of the organisation, but in the meantime we need the ability to deal with flawed results. Some might even go a step further and propose that most risk management methods are inherently flawed and don't go far enough to investigate and measure the root causes of risks.
15 October 2014 at 3:27pm
Over the past week I’ve been looking at our existing processes for managing risk, how information security risk fits within this framework, and what improvements can be made overall.