Category: Security review and audit

Data Confidentiality, Integrity and Availability

Posted on

Power-On Self-Test

Business and Personal life continuity in our new lockdown era ramps up the criticality of pings.

Cut off anyone’s internet access and with seconds that are flapping around like a fish in the floor. Within minutes their brain will implode and after an hour irreversible brain damage will kick in. Well, a slight exaggeration but you get me point.

Over 90% of our service requires an internet connection and it much cheaper now.
So with these old vulnerabilities in plain view why craft up new malware and exploits. Just reuse the classics, this Christmas, for example, we may see the same threats resurfacing. Privacy is so 2018 as many “bend the knee” to be tracked to “protect” society.

If you really want to socially distance yourself and isolate simply kill your WiFi, job done. No constant stream of toxic global pandemic news sending your brain into panic and disbelief but no entertainment [Sad Face?].

Time to dig up all DVDs or maybe actually talk to the person you live with…if you are lucky enough to co-habit.

Anyhow, my Internet Diet of 24-hours is over and I’m back online uploading this article.

Poor old UK Government has no idea what to do next

Posted on

28 Years ago, I should have known better

On reflection, I now crave the simplicity of my life in the 90’s.  The flow of data was slower, less widespread and simpler to secure as not many people knew it was there in the first place.

Today, we are swimming in data flows and everyone is their own system administrator.  iOS Beta 3 is now available, I can’t see the differences but no doubt the vendor is crunching an exabyte of test device data.  I’m still hooked on the Screen Time application.

I’m part of the generation that didn’t realise what it actually meant to push all end-users to be Network-centric and eventually dependent.  Now, turn off the Network and all hell breaks loose.  The option to live an offline digital life is now cumbersome, awkward and attracts suspicion as to why you are “not online”.

Data availability

28 years ago I knew users would have to be on the network to make data availability work, now I realise that helping to create that dependency was a mistake.  And like South Londoner, Michelle Wallen sang so wonderfully as Pica Paris “I Should’ve Known Better”.

Back in days of the BootLeg

Of course, it creates a nice arena for Data Privacy specialist like me.

Posted on

So you think you’ve been hacked

As an individual, where do you turn if you think you’ve been breached and your antivirus software tells you nothing?

Your Internet Service providers? Your bank?
Your email provider?
The techie friend of a friend who can find a job in the industry?
Your insurance company?
Your IT department at work?

…or your friendly neighbourhood CISSP®Certified Information Systems Security Professional.

Generally, though, it’s down to you and Google to figure it out.

Take your life offline if you get hacked.

In the meantime, you stumble around telling friends you’ve been hacked or that your tech is crap.

Naturally, social media is a massive help to find out if someone else has the same problem.  In my experience, the emotional pressure is one of the biggest issues.  Feelings of WTF and “why are they doing this to me” cloud your judgement and objectivity.

Don’t be a victim, be a warrior. Hellblade: Senua’s Sacrifice

Posted on

Yeah but, No but, Yeah but, No but

I find it really difficult to deal with people who ask for my professional advice and then turn around and argue with me or blatantly reject my guidance every time.

Week, months and sometimes years later, I’m proved right.

Banks are now targeting small business with Cyber Crime insurance….really. How the hell are you gonna prove you have been breached as opposed to poor digital hygiene.   Leaving a weak password on your office Network is asking for trouble and near on negligent.

I doubt whether an insurance policy will cover you if you fail to patch your systems or set-up 2-factor for yourself and your users.

This is money for old rope and a potential cash cow for insurers to Win while your lose.

I’ve got no time for this….me out.