Why is usability important for security management?

Why is usability important for security management? Is it even important? Obviously for a lot of people, it is not. And that’s a problem. But what is usability anyway? Usability? According to Wikipedia, and I find the definition pretty accurate, usability is “the ease of use and learnability of a human-made object such as a […]

Will IoT kill us someday?

When you’re working in the security industry, being paranoid is kind of natural (or is it the other way around?). So, when you see how easily people, processes and technologies can be hacked, you rapidly become suspicious of anything. We all know bad things can happen and most of the time we try to mitigate […]

Should companies create Bitcoin accounts to be ready to pay ransoms?

In the past months, the press made public several security incidents involving companies that fell victim to ransomware (1)(2). Most of the time, a ransom had to be paid in Bitcoin. This is logical, as Bitcoin makes it much easier and cheaper to launder the money and hide the recipient than traditional money-laundering circuits. You may decide […]

Your phishing awareness campaign may do more harm than good

Phishing and spear phishing campaigns are becoming more and more elaborate, hence more difficult to identify and consequently more successful. Crelan’s €70 million loss in early 2016 is a good example of the potential impact of such a successful social engineering attack. As automated security systems are unlikely to detect and block the most elaborate and […]

Is Cybersecurity a good buzzword?

For years now, information security has been a fast-growing market. For at least a couple of years, the cyber security market has been growing fast. Even in these times of budget cuts in many sectors, quite often the cyber security department manages to negotiate an increase in its operational budget. That’s significant, isn’t it? Moreover, nowadays […]

Improve and speed up your Firewall Change Requests management for free

Whether you work for a small or a very large organisation, you probably have one or many firewalls to manage. If you have half-decent security governance, you probably have someone reviewing and approving any request to update rules on the firewall(s). If you have a lot of requests to process and a […]

Are Red Team exercises close enough to reality?

A red team is a team of highly skilled professionals with extensive and varied skills (e.g. think about « Mission: Impossible ») acting as the opponents, challenging your plans, your controls, your security governance, your people. As a red team, we must think and behave as the « bad guys ». The goal is to emulate the critical thinking of your « official » […]

Security: It’s all about trust!

In the past few days, I had a few discussions and readings that made me think about the importance of the concept of trust in security and in our life more generally speaking. Think about it. All we do in security management, in training, in penetration testing, in patching or with monitoring is because we […]

When controls make you lose control

For some time now, the same observation has kept coming up throughout my various assignments: some controls do more harm than good. Particularly indicators and measurement systems of all kinds. When we set up a security management system (whether compliant with the ISO27001 standard or not), an IT governance system […]

You too, have fun with security instructions…

Security managers rarely have a reputation for being cheerful fellows. In general, a « security officer » who turns up at a meeting is often perceived as the spoilsport. If that is the case, he has work to do because, in my humble opinion, he should be perceived as the person who will make it possible to […]
