Don’t have an information security awareness programme? You’re not alone

Phishing scams, dodgy attachments, weak passwords, websites without security certificates, using your mobile for work purposes… the list of potential sources for security breaches is endless. When it comes to information security, do you know what your role is, and what you should or shouldn’t be doing? Does your business have an information security awareness […]

Only 25% of directors are actively involved in reviewing security and privacy risks

PwC’s 2015 Global State of Information Security Survey reveals that 50% of organisations now have cyber insurance to protect themselves against cyber risks and the misuse of personal data. This statistic supports the commonly accepted view that cyber risks will only continue to increase in potency and impact. In fact, the number of respondents that […]

Why have CompTIA qualifications become so important?

Just like producing a fine wine, it can take a long time for an IT qualification to become recognised and valued by individuals and employers. This is not a bad thing, as the IT industry has historically been littered with ‘print your own certificate’ schemes that are not worth the paper they are written on. […]

Employees are the most-cited culprits of infosec incidents

According to PwC’s Global State of Information Security® Survey 2015, employees have become the most-cited culprits of information security incidents – whether intentionally or not. The percentage of respondents who pointed at current employees as the cause for incidents has jumped by 10% since 2013. Moreover, 32% of the respondents of the 2014 US State […]

Having a ‘head for business’ essential for information security

In this interview we talk to Maldar Ali, Information Security Risk Leader of EMEA at a leading financial services firm in the United Kingdom.  1. Maldar, welcome and thank you for participating in this interview. What do you believe is the biggest threat to information security today? There are many threats, such as APTs, but I […]

Ignorance responsible for 70% of staff-related breaches

Phishing attacks remain a serious concern for organisations around the world. No matter how much an organisation invests in firewalls, antivirus software or malware protection, all too often the weak link in the security chain is the human element. Employees are increasingly becoming the hapless targets of elaborate phishing scams, and the volume of such […]

Phone evidence remotely wiped in police stations

Expert recommends putting phones in a microwave to prevent RF signals from activating ‘kill switch’ function. Tablet and smartphone remote wipe functions have been used by criminals to wipe mobile devices that were seized by officers and secured in police stations. BBC News has reported that Cambridgeshire, Derbyshire, Nottingham and Durham police have all […]

The information security analyst: An interview with Stuart Ritchie-Fagg

In this interview we talk to Stuart Ritchie-Fagg, senior information security analyst. Stuart, welcome and thank you for participating in this interview.  How did you decide to embark on a career in information security?  Well, security really decided upon me.  My background was always fundamentally administration within business operations, and an opportunity arose to break […]

ISO27001:2013 one year on – What has changed? Part one

A year on from the publication of ISO 27001:2013 I thought it worth reflecting on what the ‘new’ version of the specification has meant for those working with it, and whether it has addressed the criticisms levelled at the 2005 version. I’ll start by reflecting on what the 2013 version means for those that have […]

Is it time for a holistic approach to information security?

Having worked for an information security company for the past nine years, it has become apparent over that time that most infosec professionals fall into one of two groups. There are the people and process guys, who are very good at sorting out the paperwork and implementing standards like ISO27001. Then there are the technologists, […]