User-Interface design: an overlooked security matter

Human error is one of the most overlooked threats to most IT systems. A low level of user acceptance of the security features can be one of the most challenging parts of the transformation of a company into a secure organization. KISSS: Keep it Simple, Stupid and Sexy. The last S from this new version […]

The impact of cyber crime on Belgian Businesses

In 2017, the Belgian Cost of Cybercrime project (KUL) published the results of an enlightening study aiming to measure the impact of cybercrime, and more broadly cyber attacks, on Belgian businesses. We can highlight two results from this paper: first, most businesses have been hit by one form or another of cyberattack, some even more […]

You receive spam by SMS (or via email) in Belgium, you can report it online to the authorities!

A while ago I posted an article stating that there was no way to report SMS spam online in Belgium. Guess what, I was wrong! First, I was wondering if it was really illegal to send unsolicited commercial messages by SMS in Belgium. I found this really nice flyer from the federal public service of […]

Risk management as a decision tool: a synthetic diagram

Whatever the reference you might use (ISO 27001, the NIST Cybersecurity Framework, the Australian ISMF, the German IT Grundschutz, …), every information security framework has risk management at its core. Some people think of risk management as a painful and lengthy process used to justify security expenses or to achieve compliance with a standard. It can be just that. But, first of […]

If there was only one, what would be the security behaviour change you’d like to see?

If you have a very limited budget and you can only focus on one security awareness activity, focused on one message, on one behaviour, what would it be? Tough question. It was asked by Dr Jessica Barker during the last (ISC)² Secure Summit in Amsterdam. There were hundreds of security professionals in the room. The […]

Are you prepared to face a TDOS?

Recently, DHS (US Department of Homeland Security) announced they are developing, with private partners, a solution to mitigate Telephony Denial of Service (TDOS) attacks against emergency numbers and other critical phone numbers. For the past few years, TDOS attacks seem to have flourished in the US. They are often used to demand a ransom from the targeted number […]

How do penalties affect your security policies effectiveness?

One of the requirements of any decent policy (and law) is having a penalty linked to its non-compliance. In penal law, « Nulla lege sine poena » (no law without punishment) is one of the corollaries of the famous principle « Nullum crimen, nulla poena sine lege » (no crime, no punishment without a law). From a behavioural point […]

StartSSL is blocked by Chrome & Firefox and they didn’t notify their customers

The SSL certificates issued by the Israel-based Certificate Authority StartSSL (https://www.startssl.com/) have been blocked by Google Chrome and Mozilla Firefox since March 2017. Behind what could be just a technical issue, there are some disturbing facts: first, the reason why Google and Mozilla have decided to progressively block StartSSL (and more importantly WoSign) is the issuance […]

Your security maturity is low? Are you using your people the best way you can?

One famous saying attributed to Steve Jobs is: « it doesn’t make sense to hire smart people and tell them what to do; we hire smart people so they can tell us what to do. » It makes sense, and security is no exception. How often do I see companies struggling to improve their level of […]
