Risk management in information security

Information security risk management is the process of identifying vulnerabilities to your information assets that could impact their confidentiality, integrity or availability along with the threats that could exploit those vulnerabilities – together these define the risk.  The next step is to evaluate the risk to determine its severity, usually by considering the impact if…


How does DNS work Cheatsheet / Infographic

We recently saw an infographic posted to LinkedIn describing how DNS worked that was full of errors. Now no simple diagram is going to cover all aspects of DNS but we feel that ours is the best balance of accuracy and simplicity! Some people suggested that the full DNS query (the FQDN) wasn’t submitted to…


Outlook Send Delay Guide

Have you ever clicked Send on an email only to have a moment of terror when you’re not sure if you sent it to the right recipient? Or worse, you knew you’d sent it to the wrong recipient, and it had sensitive information attached but it was too late to do anything. Fortunately, Outlook has…


Information Assets – what are they and why should I care?

Information security is all about ensuring the availability, confidentiality and integrity of information assets (the CIA triad). However, many organisations attempt the risk assessment phase of an information security programme without having clear visibility of what their information assets are or perhaps they are aware of some but haven’t prioritised nor modelled the threats against…


Browser in the Browser (BitB) attack: Visually perfect phishing

Criminals are constantly coming up with novel techniques to launch attacks and there’s a new phishing technique available to them that’s terrifyingly convincing. Users have been told for years to double check domain names, look for padlocks to confirm encryption is enabled and that using SSO (Single Sign-On) services is a good thing –…


Active Security Shield Hat

UPDATE: This is an April Fools’ Day joke – please do not contact us to order your asshat. Finally, your cyber security woes can be solved fashionably with the latest product from Seguro Ltd, the Active Security Shield Hat. Not only does this highly desirable piece of headwear look great, it sports a discrete active…


ISO 27001 Update Due

As anyone who has worked with ISO standards knows, they can be a great tool in the right hands and ISO 27001 (the information security management standard) is no different. In the fast-changing world of information security however, some elements of the standard and its controls have dated and do not quite align with modern…
