Risk Management with Stuart King and Duncan Hart:

January, 2008


January 30, 2008  1:00 PM

Can Agile development be secure? Yes it can!

sking2
Agile development

Give me a pound for every development team I've heard saying that they use an "Agile" methodology and I'll be able to fulfil my planned dream of retiring to a small Greek Island where I'll spend my days picking olives and feeding the goats. Dig a little deeper though and I wonder whether or not...

January 26, 2008  12:00 PM

Janet & John Security

sking2
Data Leakage

Two stories in the press demonstrate that the disgruntled or motivated employee remains a threat to be reckoned with. The first, of course, relates to the SocGen rogue trader. The second, on a slightly different scale, is the story of a Florida woman who maliciously deleted her employer's critical...


January 24, 2008  4:30 PM

Security Metrics – Are we secure?

sking2
Metrics

It's crunch time and some facts and figures are needed to demonstrate security status to senior management. How are you going to do that? I've been working for a while on making sure that I have access to a decent set of data from across the whole business and setting up a dashboard for myself so...


January 22, 2008  8:51 AM

Government Data Loss

sking2

The continuing instances of private data loss and compromises from government and military departments are indicative of organisations that treat security as an expense to be avoided rather than as a cost of everyday business. That is why data is moving around without encryption, and why investment...


January 21, 2008  7:57 PM

The Dark Visitor

sking2

I've been reading an interesting blog that focuses on the subject of Chinese hackers and a PRC government run organization of eight Chinese hacker groups dedicated to cyber espionage. This is a theme I've been harping on about for a little while now and I'm just wondering when the...


January 20, 2008  8:00 PM

Going round in circles

sking2
Security management

The following quote is taken from an article entitled Computer Security: A Current Assessment, published in the very first edition of Computers & Security Journal back in January 1982.

We have figured out how to make computers faster, smaller, and more efficient, but...


January 20, 2008  10:09 AM

Online security – a new approach needed

sking2
Web security

A few days ago, an acquaintance of mine revealed that a web site his organisation owns was defaced. In fact, this was not for the first time as the same site was defaced a couple of years ago and has been attacked via the same exploit on a regular basis ever since. We know what the problem is: I...


January 18, 2008  11:56 AM

Egg on my face?

sking2
PaaS, Phishing, SaaS

An interesting comment has been posted to a blog I wrote last September relating to Salesforce.com and how my opinions at the time leave me supposedly with "egg on face" following the recent security breach that they suffered. The blog article in question is


January 17, 2008  5:30 AM

ICO plea to business

sking2
.ico, Data protection

Careless, inexcusable and horrifying are the three adjectives used by Richard Thomas, the UK information commissioner, to describe the recent proliferation of security breaches. Mr Thomas added: "Business and public sector leaders must take their data protection obligations more seriously." You...


January 14, 2008  6:00 AM

What CIOs should be doing about security in 2008

sking2
malware, Strategy, Virtualization, VoIP

If CIOs are going to make the most of opportunities for using IT to fuel business transformations, and become engaged in experimentation with PaaS, SaaS, virtual worlds, Web 2.0 and the full realm of other new and emerging technologies then Information Security must become an embedded and...

