Posts

The end of them

I woke up early on Saturday morning, to shouting. My son, Alex, had electrocuted himself after consulting with Alexy. The recruiting process at our firm had to be accelerated, the CEO was pushing growth, growth, growth. So my mind was on other things - we needed help. My son seemed ok, so I wrote my idea down on how we could accelerate growth, starting with using outside recruitment agency StarHire. My friend, James, knew the CTO well, they seemed good. Email sent. Only two weeks later, Alf joined our development team along with 41 other recruits, wow, StarHire, and now me, really were stars! The direct access to our recruiting system paid dividends. Not enough disk space... damn... Alf cursed. Time for a clean up. The first we knew was when our daughter called to say her boyfriend, Petey, was no longer with us. Something about something falling from the sky!? Then the news reports started coming in, people injured and dying from something falling from the sky, described as very severe...
Some of you will remember the 1970s film Marathon Man which starred Dustin Hoffman. The most famous scene involves him being asked over and over ‘is it safe?’. Not having a clue what his interrogators are after, his answers range from exclaiming that he doesn’t know what they are talking about to a series of positive and negative confirmations. All along he is being tortured through dentistry. If you are involved in information security, privacy, and/or compliance, you will no doubt have been involved in evaluating the security, privacy, and compliance of software. This is sometimes called a risk assessment and/or privacy impact assessment, hopefully taking a risk-based perspective in the context of the ask. The merry dance of trying to discover if the software is secure from a whole host of angles, whilst the requestor is waiting agitated in the wings proclaiming that ‘big company acme already uses this, surely it is fine…’. A kind of torture where the people you are asking the questio...

Bad things happen - about going without

If you plot out the timeline of your life, have bad things happened and are they likely to happen in the future? I am going to guess yes to both of these, unless you are Mary Poppins. Why then do you get angry, disappointed, annoyed, when bad things happen? They will happen. Here is a scientific diagram that proves it! 'Our anger and annoyance are more detrimental to us than the things themselves which anger or annoy us' - Marcus Aurelius. With all this in mind, what is the worst thing that can happen to you? Your toast falls face down; your credit card details get hacked; someone says something bad about you on Twitter; losing your job (bit careless); injury; death; immortality. But don't worry. The obsession right now is to protect people from all these things, to have insurance, credit card fraud cover, class actions, the crowd that stands against offense, and the ongoing halting of inevitable death (the 'fight' against death). I would argue immortal...

Assets - knowing where your stuff is at

This is the Tower of London. I was recently passing and took a snap, but pondered "why is it surrounded by so much security?"... Well, presumably because it contains the "crown jewels", somebody has assessed the risks and put in the appropriate controls to try and stop something bad happening. Too many times I hear and read about controls, buying this and that to stop this and that. But, not much time is spent on the thing you are trying to protect, the asset. And, where that asset is, who can (needs to) access it, why you need it, how long you need to keep it, and whether it moves around. I suspect with the new General Data Protection Regulation (GDPR) you are going to be forced to answer these questions. Even if you are not in the European Union (EU). The case for the Tower of London is relatively simple as it involves a physical asset, but when you are considering electronic information it is less simple to just know where it is. Consider one email wit...

Least privilege - get what you need, not what you want

I like trains. I would quite like to drive the train, but that is not on the cards as I have no training, so I sit/stand with everyone else in the passenger area - I am assuming someone is driving and it is not being done by an artificial robot train driver... yet... My firm belief is that as security people we are starting to forget the basic principles of security that help protect something important: us and the information we use. And we forget to explain, sell, and story-tell them to people - we just say "well you must ensure you have least privilege", and people think "what is he/she on about...?". One of my favourite principles is "least privilege" - that is, giving people access only to what they need access to. This certainly seems like a very strong way to protect what is important. If people only have access to what they need and they become compromised, the bad actor (they aren't acting) can only access what you have access to. "The pr...