Four years ago I discussed some of the characteristics of cyber security that made the use of the term useful, this was at a time when the use of cyber security was widely derided by practitioners of IT security and Information Security. One of the common complaints was that Cyber…
Tag: architecture
Measuring Black Boxes, part one
I have been attempting to capture the process or to be more accurate the heuristics of how I analyse security architectures. This was originally driven by the time it took me to document my conclusions and the lack of any particularly well-suited tooling but has increasingly become an attempt to…
We need to talk about IT
It has long been a truism of security practitioners that security is not an IT problem. This is an attempt to lift the gaze of the security team from technology to the wider business. A laudable and useful goal. However, IT is a security problem.
Big Data Security Analytics Paper
I wrote this paper with a colleague recently. A practical guide for getting started in Big Data Security Analytics. This should be the first of a series of posts on the application of big data technologies and data science approaches to cyber security. I understand the impact of pervasive mobile,…
Cross-Domain Gateway Functions
Cross-Domain Gateways are a concept from multi-level government and military networks that are increasingly being deployed into traditionally flat commercial networks. I’ve spoken before about ‘trust zones‘ and the concept of choke-points between trust zones concept combined with a view of the threat exposure for each trust zone underlies the…