Archive for the ‘Security’ Category

Protecting Information About Networks, The Organisation and Its Systems

I recently wrote a report with a number of colleagues for the Centre for the Protection of National Infrastructure (CPNI) on the Network Reconnaissance phase of a targeted attack following initial exploitation. The report covers what is targeted, how the attackers operate and what controls help. Below is a summary infographic and below the cut is the briefing presentation I delivered and the full report.

Infographic:

(more…)

Business Partner and Supply Chain Cyber Security

I’ve recently been involved in some strategic cyber security work in the UK financial services sector. The financial services sector is a complex and coupled system. While some components are clearly more important there are few components that are inconsequential if they cannot be relied upon. No financial services organisation is independent in what is a highly cooperative sector.

Currently the Information Assurance aspects of reliance on partners and supply chain throughout the sector is handled through third party assurance. Every organisation assesses and is assessed by every other organisation breeding an expensive and distracting industry of rolling security controls assessments.

(more…)

Twitter RSS