Site guide

My attempt at simplifying the Data Protection Act.

My blog updates

  • Grand Central: Great trains, terrible terms
    Feb 26, 2010
    Recently I travelled to York on Grand Central Railway. I really like their train service because you pay the same fare whether you buy your ticket in advance, at the station, or on the train. ...
  • Filing cabinet breaches
    Feb 1, 2010
    I like to analyse the ICO's undertakings and enforcement notices to see whether there are lessons you can learn from other people's unfortunate mistakes. ...
  • Data Sharing and the Blue Badge Parking Scheme
    Jan 13, 2010
    Back in 2008 the government announced that they were going to reform some of the ways the disabled parking / blue-badge scheme worked to reduce the amount of fraudulent use. ...
  • The future of privacy talk at ORG
    Dec 6, 2009
    Bruce Schneier spoke on the subject of The Future of Privacy at the Open Rights Group on Friday. ...
  • Abuse of radio buttons and check boxes
    Dec 5, 2009
    I’m particularly sensitive to interface design and I saw a real horror this week. ...

The future of privacy talk at ORG

Bruce Schneier spoke on the subject of The Future of Privacy at the Open Rights Group on Friday. The ORG is the ‘UK equivalent’ of the EFF and I’m proud to be one of its founder members. I’ve heard Bruce speak a few times, most recently at WEIS 09, and I’ve always been impressed at [...]

Understanding the Verity Trustees breach

It feels like the ICO has a target of publicising one major breach a week. This week was the turn of Verity Trustees Limited, the trustee organisation behind The Pensions Trust. The Pensions Trust provides pensions for over 4,000 organisations and 130,000 people from the not-for-profit sector.
In this case the ICO press release (PDF) reported [...]

New data security law book launched

On Monday I had the pleasure of attending the launch of Stewart Room’s new book ‘Butterworths Data Security Law and Practice’. Stewart wrote the definitive guide to the Data Protection Act for techies, the equally snappily-named Data Protection and Compliance in Context. This is also the course book for the ISEB Practitioner-level certificate in Data [...]

Yet another meaning for C, I and A

Yesterday I heard Andy Smith, the Chief Security Architect for the Identity and Passport Service (IPS) speak at the BCS Central London branch meeting about the security behind the new National Identity Register which supports the National Identity Card.
On one slide he highlighted what he considered the three biggest threats to Information Security:

  • Complacency
  • Apathy
  • Inattention (Andy called [...]

The Other C, I and A of Information Security

Ask anyone who works in Information Security what the initials CIA mean and they will say “Confidentiality, Integrity and Availability”. These are the three measures used to assess the impact that an unwelcome event would have on an asset.
When I train people, I talk about another more important Information Security meaning of CIA: Common Sense, [...]

Risk – a book worth reading

For me, one of the best parts of a holiday is the time sitting by the pool or at the beach (and less happily the airport) catching up on some serious reading. If there’s one profession that requires an insatiable capacity to read it is information security. I find it hard to keep up with [...]

Facebook applications can really steal your personal data

A couple of days ago I highlighted a post about security issues with Facebook applications from the Light the Blue Touchpaper blog (the security research team at Cambridge). It came the week after I had spent two days giving repeated sessions of a “how to stay safe on the Internet” course and showing people how they [...]

Users divulge their passwords to strangers

This won’t be a surprise to anyone who works in IT security, but last week the BBC reported how easy it was for an experienced security consultant doing some pretty basic ‘social engineering’ to:

  • Walk into buildings unchallenged and steal data from a company
  • Get users to divulge their password over the telephone to someone who claimed [...]