Security Questionnaires online, are they safe?

Those who have been following my posts know I have an evolving love/hate relationship with online security questionnaires. Done well, they can speed up the process for the client and service provider and establish a properly shared understanding of where risks lie and how those can be managed over time. Done badly, they can be Read more about Security Questionnaires online, are they safe?[…]

Pin It

Protecting against the biggest security vulnerability

First off, do you know what the biggest single cause of security vulnerabilities and successful attacks against computer systems is? A lot of people think of insufficient access controls, a lack of process, SQL injection, etc but there is something more fundamental sitting behind a lot of these that often gets overlooked. I’m talking about Read more about Protecting against the biggest security vulnerability[…]

Pin It

Web site scanning without prior permission is very likely illegal, here’s why

It appears that there is a growing wave of SaaS utilities that will either scan websites and internet-based services for you or provide you with access to historical information on sites and services they have already scanned, often for a fee. Unfortunately, using such services can result in your seriously falling foul of the law Read more about Web site scanning without prior permission is very likely illegal, here’s why[…]

Pin It

The Defence in Depth Security Model Explained

The Defence in Depth Security Model is one of those security concepts I often see incorrectly implemented or not used to its full potential to protect services or systems. There is way more to it than first meets the eye. In this article you will learn: What the Defence in Depth Security model is, How Read more about The Defence in Depth Security Model Explained[…]

Pin It

Continuous Pen Testing – Pros and Cons

It seems quite a few businesses are resorting to using 3rd parties to implement continuous pen testing for not only their own products but also for online services they also consume – this can be a very bad idea and lead to a false sense of security. In the face of it regularly scanning an Read more about Continuous Pen Testing – Pros and Cons[…]

Pin It

Security Event Logging, why it is so important

Every once in awhile I get asked why detailed event logging is so important when setting up cybersecurity controls at a business. In this article will attempt to explain why this is critically important. To log or not to log, that is question… When it comes to logging security events and being able to make Read more about Security Event Logging, why it is so important[…]

Pin It
Cyber Crime

Encrypt Email addresses at Rest

It seems not a day goes by without some major data breach occurring on businesses systems. Anywhere from a few thousand records to many millions at a time, containing information ranging from names, addresses, telephones number, dates of birth and account details, etc. One thing I have noticed, that seems to be a constant throughout Read more about Encrypt Email addresses at Rest[…]

Pin It