A short thought-provoking piece about changing security habits in order to develop a culture of security. Continue reading

My eye has been caught once again this afternoon by yet another advertisement disguised as a press release breathlessly informing us that the company can deliver "security awareness training". It seems innocuous enough, but what does this three-word phrase really tell us about them? Let me explain. I consider myself an information security awareness professional - that is, I help customers improve their employee's awareness of information security matters. Awareness, in my book at least, is a generalized approach, spreading the good word about information security and so leading to a broad company-wide understanding of information security, along with the... Continue reading

While reading IT Grundschutz, the German information security baseline standards, and in particular the BSI standard 100-4 on Business Continuity Management, I've been thinking about a curious gap that I believe has opened up between the fields of information security and business continuity. The way I think of it, 'resilience' (and related concepts such as 'over engineering', redundancy, automated failover and so forth) is very definitely an integral and essential part of 'business continuity' (in other words, keeping vital business operations running as near normally as possible, despite whatever threats and vulnerabilities might materialize). Keeping unauthorized users out of the... Continue reading

As New Zealand is one of the first places on Earth to enter 2010, I'm delighted to report that the new year has not caused my computer to lock up. Planes are not dropping out of the sky. The electricity is still on. The phone still works. The Internet isn't broken. Even the TV still works. Ten years ago, of course, that was newsworthy. Around the end of 1998 and early part of 1999, "Y2k" was widely predicted to cause all manner of IT disasters, and indeed it may well have done were it not for the enormous effort put... Continue reading