Risk Management with Stuart King and Duncan Hart:

March, 2007


March 31, 2007  9:37 AM

A Saturday Comment

sking2
Misc

I've noticed that no-one reads this blog on a Saturday which begs the question of why I'm writing anything. However, given the technology I could have actually written this last Tuesday and scheduled it to be published on Saturday. In fact, right now I'm sipping coffee in Starbucks reading this...

March 28, 2007  9:56 PM

Another laptop theft

sking2
Security management

Yet another tale about a stolen laptop containing private data. Read all about it here: http://www.theregister.co.uk/2007/03/28/hospital_laptop_theft/. The healthcare authority concerned say they are "very very sorry" (


March 28, 2007  8:01 AM

Use of Skype

sking2
Skype, VoIP

The subject of Skype came up again. We've taken a pretty hard line against the use of this software on the corporate network and for good reason too in my opinion. Questions around fundamentals such as confidentiality, issues around protocols, and risks from malware have led to a policy banning...


March 27, 2007  8:15 AM

Data Breaches Can Hit Anyone

sking2
Security management

A timely reminder here that security breaches are not necessarily "just a problem of big name concerns."


March 26, 2007  5:13 PM

Moving on…

sking2
Misc

A change of employment and a relocation to warmer climes means that entries on this blog may become sporadic over the next few weeks. Change can be positive and I'm a strong believer in the importance of not stagnating within a role. New challenges bring new experience and I'm looking forward to...


March 24, 2007  5:17 PM

More on PCI – the audit guide

sking2
PCI

Some excellent commentary from Mark Curphey on the subject of the PCI DSS over on his blog at http://securitybuddha.com/. The other element of the PCI DSS that is of concern is the Audit Procedures and Reporting document designed to be used as the principal...


March 22, 2007  7:54 AM

How to get work in Information Security

sking2
Misc

I was browsing through job listings looking for examples of advertised jobs within information security. A number of adverts had me scratching my head. Read this one then ask yourself: What is the agency really looking for?

Are you a Security Specialist? Are you CISSP qualified or have...


March 21, 2007  6:47 PM

More on documenting security requirements

sking2

I was involved in an interesting debate today around the value of documenting a good set of security requirements. The debate was the result of a report written where it was stated that deficient security requirements resulted in increased risk. No-one disagreed with the conclusion; however, what was...


March 20, 2007  5:11 PM

Developer training or an Application Firewall – you decide..

sking2
Web product security

If you had £20k to spend on web product security and could choose between training your team of developers in appropriate secure coding skills or purchasing an application firewall, which would you choose? Here's my answer - I'd buy the firewall. Now, there might be a few of you who are...


March 20, 2007  5:48 AM

RSA Anti-Fraud Service

sking2
Web product security

An interesting new service being offered by RSA: http://www.rsa.com/press_release.aspx?id=7922.

RSA, The Security Division of EMC (NYSE: EMC), today announced it will launch its new RSA FraudActionSM Anti-Trojan service,...

