Risk Management with Stuart King and Duncan Hart:

September, 2008


September 29, 2008  6:00 PM

Chips and custard

sking2
Network security, Security management

Two things that definitely do not go together are chips and custard. Unless you're pregnant. Or from Belgium where I suppose it's not too far removed from smothering your frites with mayo. An old friend of mine actually has a phobia of mayonnaise. I'm not making it up. Put a jar of Hellmann's finest in...

September 26, 2008  9:00 AM

Breaking websites without touching the application

sking2
Security management, Web product security

Just as there is more than one way to skin a cat, there are many ways to break a web application. When I speak to developers and ask them if they are producing a secure system, the answer I'll get will usually mention validation and SQL Injection and so on. Good...


September 25, 2008  9:00 AM

Value of CISSP status

sking2
certification, Security management

It's been a while since I updated my CISSP...


September 24, 2008  2:30 PM

BBC Mailing List Compromised

sking2
Security management

A point I frequently make is that it's not just the regulated and sensitive data sets that have value and require good control. Simple lists of email addresses and names also have value. No better evidence of this is required than the fact that a BBC mailing list of people who had signed up...


September 24, 2008  9:00 AM

Unauthorised software on the network

sking2
Network security, Security management

I spent a good part of a recent day discussing the reasons why I had instructed the removal of certain unauthorised software from a number of PCs on the company network. The arguments that came my way were:

- they needed it
- we should be accommodating
- it's not posing any...


September 22, 2008  9:30 AM

There’s a hole in your network and you’re not the first to know…

sking2
Network security, Security management

In the words of the great poet, David Brent (from The Office), "If you can keep your head when all around you have lost theirs, then you probably haven't understood the seriousness of the situation."


September 19, 2008  2:30 PM

Hypothetical situation: security incident or not?

sking2
Security management

A friend and I were imagining the following hypothetical situation: somebody performs a change to a network service which subsequently (let's presume it's business critical) is out of action for an extended period of time as a result. Documented change control processes were not followed. Is this a...


September 18, 2008  6:00 AM

Information security is not recession proof

sking2
Security management

I keep getting told how lucky I am to be doing a job perceived to be "recession proof." Personally I don't think this is the case. If the company were to go down then I doubt there would be much room in the lifeboat for security awareness programmes and risk models. Don't take anything for granted...


September 16, 2008  8:30 AM

Communication and the first law of security

sking2
Security management

Security makes for a great scapegoat. "We can't get access to the website" then blame security. "My computer is running too slow", blame all the security tools on it. "I can't get access to the network", must be the fault of security, and so on...

Reality is that the problems are more...


September 15, 2008  5:58 PM

Cern Website Hacked

sking2
Security management, Web product security

A website associated with the Large Hadron Collider (LHC) atom-smashing experiment at Cern has been hacked.

A group of hackers called the GST, or Greek Security Team, has claimed responsibility for the attack. They posted a lengthy message on the site to prove...

