Having a ‘head for business’ essential for information security

In this interview we talk to Maldar Ali, Information Security Risk Leader of EMEA at a leading financial services firm in the United Kingdom.  1. Maldar, welcome and thank you for participating in this interview. What do you believe is the biggest threat to information security today? There are many threats, such as APTs, but I […]

Ignorance responsible for 70% of staff-related breaches

Phishing attacks remain a serious concern for organisations around the world.  No matter how much an organisation invests in firewalls, antivirus software or malware protection, all too often the weak link in the security chain is the human element. Employees are increasingly becoming the hapless targets of elaborate phishing scams, and the volume of such […]

Phone evidence remotely wiped in police stations

Expert recommends putting phones in a microwave to prevent RF signals from activating ‘kill switch’ function.   Tablet and smartphone remote wipe functions have been used by criminals to wipe mobile devices that were seized by officers and secured in police stations. BBC News has reported that Cambridgeshire, Derbyshire, Nottingham and Durham police have all […]

The information security analyst: An interview with Stuart Ritchie-Fagg

In this interview we talk to Stuart Ritchie-Fagg, senior information security analyst. Stuart, welcome and thank you for participating in this interview.  How did you decide to embark on a career in information security?  Well, security really decided upon me.  My background was always fundamentally administration within business operations, and an opportunity arose to break […]

ISO27001:2013 one year on – What has changed? Part one

A year on from the publication of ISO 27001:2013 I thought it worth reflecting on what the ‘new’ version of the specification has meant for those working with it, and whether it has addressed the criticisms levelled at the 2005 version. I’ll start by reflecting on what the 2013 version means for those that have […]

Is it time for a holistic approach to information security?

Having worked for an information security company for the past nine years, it has become apparent over that time that most infosec professionals fall into one of two groups. There are the people and process guys, who are very good at sorting out the paperwork and implementing standards like ISO27001. Then there are the technologists, […]