Risk Management with Stuart King and Duncan Hart:

December, 2007


December 31, 2007  5:30 AM

Securing home access to the network

sking2 Profile: sking2
IPsec, Ssl vpn

There is an ever increasing requirement to provide suitable facilities so that employees can work from home. Right now all we have available within my own organisation is an expensive and cumbersome IPSec VPN solution that requires an employee to have company provided equipment on which to install...

December 27, 2007  7:00 AM

VoIP Security

sking2 Profile: sking2
VoIP

Robert Moore is a convicted hacker, currently serving two years in prison for his role in stealing and reselling VoIP services. In an interview given to Information Week, Moore describes in detail how easy it was to break into corporate systems and the methods that he used. On particular quote...


December 26, 2007  4:09 PM

Millennials and Risk

sking2 Profile: sking2
Risk management

Interesting article here on Security Focus entitled "IT Risk and the Millennials" about the Generation Y workforce, their expectations, associated consumersation of IT and the risks that come along with it. According to the article, "Millennials...


December 20, 2007  5:36 AM

Challenges ahead

sking2 Profile: sking2
Security management

This is my last entry for a few days as I fully intend to make the most of the holidays. I wanted to take the opportunity to say thanks to those who regularly read and support this blog, and to wish everybody a merry christmas and good luck for the new year. A number of events have stood out...


December 19, 2007  5:30 AM

Microsoft Developers Highway Code

sking2 Profile: sking2
Microsoft

I'm not impressed by the new version of the Developer Highway Code from Microsoft. There's no denying the fact that it's all good, sound, common sense guidance but I'm wondering for who, and also who Microsoft expect to actually read it. Let's take Module 2 on "Security Objectives." We all know...


December 18, 2007  5:00 AM

L-Driver data breach: L-Government?

sking2 Profile: sking2
Data breach

Another day, another data breach. Actually, another day, another blog about another data breach. Hey, at least it means I don't have to think too hard about what to write about! Flippant remarks aside, there are some interesting aspects of this latest breach that I think are worthy of comment. Of...


December 17, 2007  8:00 AM

Are we feeling a little vulnerable?

sking2 Profile: sking2
Security management

Quote of the week has got to be "Before, our systems were a little bit vulnerable, and now they are not" from Andrew Brenson, a spokesman for the charity Children In Need. Almost as good is the report of their business case for implementing a new two factor authentication solution...


December 16, 2007  8:00 AM

Prediction for 2008 – more targeted attacks

sking2 Profile: sking2
malware, Targeted Attacks, Trojans

If I have to make one prediction for 2008, it is that I think we will see an increase in reports of targeted attacks against organisations of all sizes and types. That such attacks are already happening goes without saying because penetrating the average corporation appears to be childs-play for...


December 12, 2007  8:00 AM

Dangerous developers

sking2 Profile: sking2
Shareware

Developers often want to make use of shareware to obtain code they would otherwise need to be spending a lot of time developing. The IT Ethics handbook (by By Stephen Northcutt, ISBN 1931836221) states:

Downloading shareware opens an entire box of ethical issues....the programmer and the...


December 11, 2007  12:00 PM

Skype me!

sking2 Profile: sking2
Network security, Skype

I've just finished writing up a short White Paper on Skype - in particular the old question of whether or not it can be installed onto company equipment, the risks, costs, and some investigation into the system architecture. Quite honestly, I don't consider Skype to be an insecure system (so long...


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: