Top cyber crime threats to East Midlands businesses

I recently attended the East Midlands Cyber Crime Breakfast, where a panel of experts outlined what they saw as the principal cyber crime threats that were affecting organisations in the East Midlands. Continue reading “Top cyber crime threats to East Midlands businesses”

Why is my Password Too Long?

Dear Virgin Media

I recently decided it was time to change my password on my NTLWorld email account (managed by Virgin Media).  I entered a new password only to be told “Password too long”. How long was my password? 11 characters. 10 characters are OK apparently. Continue reading “Why is my Password Too Long?”

How do you evaluate an Information Exchange Gateway solution?

How do you evaluate an Information Exchange Gateway solution? I’ve blogged previously on Cyber Matters about how Information Exchange Gateways (IEGs) need to be built in a flexible manner to meet a variety of customer requirements. The other big question from potential customers is how do they know that they can trust a solution? Continue reading “How do you evaluate an Information Exchange Gateway solution?”

UK Government Security Classification Scheme

After nearly two years of planning, the new UK Government Security Classification system comes into operation this month. This will probably be accompanied by some articles from the doomsday brigade suggesting forecasting chaos and uncertainty; there are undoubtedly rough edges, but it’s important not to lose sight of the bigger cultural change at play…

Continue reading “UK Government Security Classification Scheme”

Booting Linux Securely

A report from Learning Tree “Linux Scores Highest in UK Government Security Assessment” has analysed the CESG set of reports on the security of end user devices, in which CESG assessed 11 operating systems. The Learning Tree report observed:

Of those, Linux got the best overall score

The report then looked at the criteria used to make this assess, and suggested:

As for Secure Boot, that has its serious detractors

Continue reading “Booting Linux Securely”

Simple Information Assurance Maturity Model

A few months back I was tasked by the Nexor Board to carry out a fresh review of the cyber threat to our business and the maturity of our risk mitigations. We’ve had ISO 27001 for a many years across the business, and our audits all come up good, so I thought it should be easy. But how could I explain the results in a Board friendly manner?

Continue reading “Simple Information Assurance Maturity Model”

What is the difference between a Guard and a Gateway?

Guards and gateways are full application layer proxies that connect to two or more networks.  They accept data passed on an inbound network interface, ‘process it’, and then pass data to the outbound network interface.   The difference between the two is in the ‘process it’ step.
Continue reading “What is the difference between a Guard and a Gateway?”